Now, Intel Security (as McAfee is now known) is looking to tackle one of the most important frontiers on the modern security landscape: healthcare. In a report filed by the division last week, the company laid out the challenges that the healthcare industry will face as it attempts to modernize outdated facilities and utilize new Internet of Things (IoT) technologies in the treatment and rehabilitation of ailing patients.
Intel’s report makes no excuses about the bumpy road that leads to truly streamlined healthcare IoT applications. Will its attempt to find “a better way to get better” take Internet security in the direction it needs to go?
Healthcare 2038
For years designers, architects, and dreamers have visualized a future where doctors can monitor all their patients in real-time from the comfort of a single tablet. Self-driving gurneys wheel themselves and their patients down the hall from intensive care to surgery, all while the necessary pharmacy prescriptions are filled in seconds by automated robots taking tickets down on the first floor.
Believe it or not, a world where patients walk around with RFID-tagged bracelets isn’t as far off as you might think, and many of the applications I’ve listed above are already in use today. They make up just a few of the many areas where an “Internet of Things” approach to healthcare is more than a gimmick, and could provide enough of a benefit to actually save lives in the long term.
Intel’s estimates show that the healthcare industry could save upwards of $63 billion in the first 15 years of IoT integration, a number that’s expected to increase exponentially as more time goes on. Human error accounts for a significant fraction of this lost revenue annually, and with an IoT-connected infrastructure many of these mistakes — if not all of them — could be ironed out in an instant.
But, despite all this optimistic talk, if you’re reading carefully you’ll notice a lot of ‘could’ and ‘might’ being thrown around. That’s because even though there’s a potentially limitless number of benefits, the possible drawbacks are too severe to ignore.
A reason for concern
Of the 48 percent of healthcare organizations that have integrated their Internet Technology capabilities into everyday operations, nearly two-thirds of them have done so on top of a system or network that hasn’t been properly secured to handle the increased load.
As more of our financial data gets linked to the date that we had our last colonoscopy, criminal rings are discovering all new ways to exploit medical records for profit on the underground market.
This represents a massive risk to millions of patients who entrust their identity, and their life, to Internet-connected devices. Before we can have grandma’s insulin meter hooked up to her Facebook account, we’ll need to be able to maintain an ecosystem where major insurance providers like Anthem and Premera don’t lose medical records by the tens of million at a time first.
The dark side of automation
In this coming era of connectivity, our identities won’t be the only things at risk on this fresh frontier of innovation. As machines containing potent medications are hooked up to the net, the potential for abuse rises exponentially.
The reason we’ve kept a metaphorical (and sometimes literal) brick wall between life-saving equipment and the Internet of Things so far, is because the mere thought of this kind of power falling into the wrong hands is straight out of a sci-fi horror story, according to Intel.
“Wireless implants can automatically inject insulin for diabetic patients. Heart pumps can carefully send calibrated shocks to keep hearts pumping. But we have to secure these healthcare IoT devices before we can see those benefits realized.”
“Even more dangerous than the potential for targeted killings, though also far less likely, is the threat of widespread disruption. Theoretically, a piece of targeted malware could spread across the Internet, affecting everyone with a vulnerable device,” reads Intel’s report.
Such a plot has already been featured on the drama Homeland. In the show, the vice president of the United States was killed when a wireless device hacked into his pacemaker and forced him into cardiac arrest.
And virtual assassinations are just the tip of the iceberg. Imagine a burglar walking into an automated pharmacy and hacking the system to dispense thousands of Oxycontin at once. Terrorists taking control of a life support system from halfway across the planet, demanding ransoms to be paid or they’ll flood the system with kill commands.
“Such a scenario has materialized in business IT and industrial control systems; the sophisticated Stuxnet attack against Iran’s nuclear program is one example of this,” Intel’s report reads.
While it may sound like fiction, these are the realities that Intel says equipment manufacturers, vendors, hospitals and doctors will need to plan for in order to clear what is sure to be one of the most vigorous vetting sessions in the history of electronics regulation.
Healing from the inside-out
Intel’s first attempt at a solution is to establish an early architecture from the inside-out, creating proprietary devices engineered on the back of Intel technology with security at the forefront of their design process.
“This starts with having security baked into the devices themselves. With this approach, doctors and scientists can issue safe updates to devices and prevent them from being tampered with,” proposed Intel in its paper.
Furthermore, the report recognizes the very real challenge of getting dozens of different regulatory agencies from different countries to agree upon a single standard for security.
“Improving security almost certainly requires a safe place to talk about these issues, provide clarity on regulatory interpretation, reach agreement on how regulators can enable innovation and effectiveness, and serve as a safeguard of the public interest.”
The third point bleeds into this, putting out a call to device makers to collaborate and combine their energy instead of competing for contracts. But it’s the last stipulation which really caught our eye.
The company says that if we expect to make a real difference in the industry, the public’s ability to participate in the debate about what happens next will be crucial.
“In most countries, governments and private companies do not adequately represent the public’s interest in medical issues. It is fundamental that this model offers a voice in the debate to the public, especially patients and their families.“
Conclusion
We’re standing at the precipice of a revolution in medicine, one where all the menial tasks of keeping loved ones and ourselves alive and healthy be streamlined, automated, and taken care of by a computer that doesn’t make mistakes.
Surgeries are performed on the right patients, medications are doled out to exact specifications, and nurses might be able to kick their feet up once in awhile and let a robot handle the most physically strenuous work.
Many of the key components that will form the foundation of future medical centers can be seen now, but if we’re ever going to have them linked up to a network, we’ll need to know they won’t be vulnerable to a threat that could scare off the public before the technology even has a chance to get off the ground.
By incorporating equal parts manpower and ingenuity to bring this fantasy into the real world, Intel plans to work tirelessly to bring the hospital of tomorrow just a bit closer to today.
Read the full report here.
