The burgeoning health information technology (HIT) sector is fast being transformed into a healthcare-specific Internet of Things (IoT), a cloud based, globally interconnected intelligent network. The IoT is rapidly making inroads into HIT, especially in the realm of medical device use and management. Examples include real-time monitoring of implantable medical devices, imaging, asset tracking and inventory control, as well as telehealth applications.
In the healthcare sector, the IoT gathers, transmits and analyzes data such as Electronic Health Records (EHR) containing Personally Identifiable Information (PII), Personal Health Information (PHI), and other machine-generated healthcare data. But this diffuse layered sensor-based environment is fraught with security and privacy challenges. Interoperability is also a problem because industry silos exist, comprised of competing vendor applications. Standards development organizations such as ISO are working to create IoT umbrella standards to promote interoperability. Kantara is working on digital identification and authentication, to ensure efficient, interoperable information delivery.
But this new technology offers as many problems as solutions. Some security experts have even said that the IoT cannot be secured.
There is another promising technology on the horizon called Software-Defined Anything (SDx) that might help resolve some of the challenges HIT IoT faces. The combination of SDx and IoT technology spells more control over all types of medical devices and assets. SDx has been described as a system where software virtual machine “rules over numerous connected machines while directing many different types of user activity.”[1] SDx will be able to control HIT sensor-based hardware systems, thereby allowing it to collect data from a wide range of devices.
SDx can encompass several related technologies, such as the Software Defined Perimeter (SDP) research project, which is being led by the Cloud Security Alliance (CSA). The SDP approach to perimeter security focuses on the integration of “device authentication, identity-based access and dynamically provisioned connectivity.” The SDP security model has been shown to stop “all forms of network attacks including DDoS, Man-in-the-Middle, Server Query (OWASP10) as well as Advanced Persistent Threat (APT).”
SDx is set to “change the world as we know it, much as the Internet has reordered the business landscape over the last decade. With SDx, if you can think it, it has the potential to become reality,” according to researchers at the Idaho National Laboratory. “The framework behind SDx enables applications to understand, predict and deliver reliable capabilities and experiences to the end user regardless of location or device…The results will yield repeatable, sustainable, secure solutions that reduce costs and quickly deliver innovation into the hands of users securely and without traditional constraints.”[2]
Contributed by: Judy Fincher
[1] Techopedia blog, by Cory Janssen, co-founder of Janalta Interactive, Inc., the parent company of Techopedia and its content editor.
[2] Simpson, Wayne, and Borders, Tammie, GCN, “Software-defined anything challenges status quo,” May 04, 2015; https://gcn.com/cloud-infrastructure/2015/05/software-defined-anything-challenges-status-quo/286916/