Today, there is a growing interest in where the Internet of Things (IoT) is headed amongst predictions that the number of connected devices could grow to reach 50 billion by 2020. What’s becoming clearer is that a large percentage of this growth will be attributed to wearable technology, and that technology will generate a large amount of individual data, and datasets, that can be utilized to improve such things as precision medicine, preventive care and remote monitoring for healthcare rehabilitation. Already, doctors are embracing the use of wearable technology to monitor trends, assess medications, and adjust therapies based on behavioral patterns and data collection from these devices, allowing them to more quickly and accurately determine targeted treatments for faster patient recoveries. An additional upside to this healthcare evolution is resulting overall cost reductions for patients, healthcare providers and insurance companies.
Few people will argue that going to the doctor, even when necessary, can sometimes be troublesome and time consuming – the risk of contracting another patient’s cold virus notwithstanding. Up until recently, the only way for a doctor to assess your recovery and rehabilitation was through a face-to-face office visit. Today, the introduction of new wearable devices is significantly augmenting how doctors monitor and treat patients, while also opening the door for continual monitoring of patients with ongoing medical issues, such as diabetes and cardiovascular disease.
While the promise and benefits that can be achieved through wearable technology are significant, one challenge to overcome is to find ways to protect and share data securely and with the appropriate governance in place to ensure privacy of individuals’ medical information. Security breaches that take place in a financial institution, where an individual’s credit or banking information might be compromised, can easily be resolved by closing accounts, canceling credit cards, etc. Conversely, it is a far more difficult situation when unauthorized access to a person’s medical information takes place, as there is no easy path to rectify the data loss. In light of that reality, privacy and security become extremely important as they relate to wearable technology, data management and governance.
IEEE Activities
In February 2016, the IEEE Center for Secure Design released WearFit: Security Design Analysis of a Wearable Fitness Tracker. This report showcases the 10 common security design flaws using a security analysis of a fictitious wearable fitness tracking system called WearFit. The form factor of devices like WearFit that connect people with other devices represents a new way society consumes computing technology. In turn, this makes wearables a high-priority area of scrutiny for potential software security threats. WearFit: Security Design Analysis of a Wearable Fitness Tracker expands the focus on security for wearables to include a balanced approach that looks at design flaws and identifies ways that manufacturers can avoid vulnerabilities and bugs by the nature of the way the device is built.
The issue of cybersecurity for medical devices has recently been elevated, with the FDA making recommendations for manufacturers to protect against potential vulnerabilities in medical devices. In 2015, the IEEE Cybersecurity Initiative released a report entitled “Building Code for Medical Device Software Security,” to detail ways to limit the vulnerability of medical device software to malicious attackers. The report covers software vulnerabilities exploited by malicious attackers and proposes standards for five software implementations, including how to:
- Avoid, detect, or remove specific vulnerabilities, for example by using memory-safe languages, secure coding standards, and automated thread safety analysis
- Ensure proper cryptography
- Improve software integrity
- Impede attacker analysis or exploitation
- Detect malicious attacks.
The report also notes that the “building code” itself should be consistent in categorizing particular types of attacks and should be maintained over time.
The IEEE Standards Association (IEEE-SA) is also very much involved in work related to the medical integration of devices and ensuring the interoperability of wearable technology. The IEEE 11073™ family of standards enables communication between medical, health care and wellness devices, and with external computer systems. They provide automatic and detailed electronic data capture of client-related and vital signs information, and of device operational data. The IEEE 11073 standards have been developed with a high level of international participation. They have been, and continue to be, adopted as International Organisation for Standardisation (ISO) standards through ISO TC215 Health Informatics and as European standards through the Committee for European Normalisation (CEN) TC251 Health Informatics, specifically as the CEN ISO/IEEE 11073 series. The end result is a single set of internationally harmonized standards that have been developed and adopted by ISO and CEN member countries.
The IEEE Internet Initiative, launched in 2015, also supports and facilitates the development of open standards to address cybersecurity and privacy challenges. It works to connect engineers, scientists, industry leaders, and others engaged in an array of technology and industry domains globally, with policy experts to help improve the understanding of technology and its implications and impact on Internet governance issues. By utilizing synergies among its global technical community from many related areas of industry knowledge and expertise, IEEE works to convene neutral platforms for dialog to help address the policy issues related to Internet governance, cybersecurity and privacy.
Another IEEE-SA project underway is IEEE P2413™ – Standard for an Architectural Framework for the Internet of Things (IoT). This overarching architectural framework includes standardization efforts in all the various vertical markets, including medical, in order to integrate them into a larger framework of objects and architecture references, and to better align sensors and IoT devices in a dynamic interoperable system level architecture.
Wearable technology is enabling new and innovative healthcare options, and making a considerable impact on how patients will be treated by their healthcare providers today and for the future. The technology is generally recognized as something that can be leveraged in a number of ways and that can improve healthcare outcomes with the added benefit of reducing healthcare costs across the board. The work being done today to ensure the interoperability of medical devices and other wearable technology, as well as in applying appropriate security measures to protect individual privacy, is helping set the stage for a more advanced and effective medical infrastructure that is evolving to better serve patients around the world.