The Internet of Medical Things (IoMT) allows machine-to-machine interaction and real-time intervention solutions that have the capability to radically modify healthcare, enhancing delivery, expenditure, and reliability. As in the digitization of any industry, the same connectivity that drives significant value simultaneously heightens security and privacy risks. The main threats fall into two categories: personal data theft, and intentional disruption and device tampering.
The KeyScaler platform from Device Authority, which is based in the UK and California, provides solutions that protect against the security and safety challenges facing connected medical devices (both online and offline). The company offers a security model for patient safety: a unified trust model with device and data trust at its core. Built to help organizations protect credentials and data on devices, KeyScaler also aligns with key regulatory compliance requirements (e.g. HIPAA and GDPR) and can be adapted quickly to business and customer requirements. Today, productized solutions have been built for multiple use cases with leading vendors such as PTC, nCipher Security, AWS, Microsoft Azure, DigiCert, HID Global and Sectigo.
Device Authority’s journey in the Internet of Medical Things, or Healthcare IoT, started in 2016, when it engaged with a medical device manufacturer that was connecting its devices to the internet to provide remote patient monitoring services. Since then, the company has taken on more medical-device-related opportunities, working with large global organizations to solve their security and safety challenges.
KeyScaler delivers secure device registration and provisioning, policy-driven credential delivery and management, and end-to-end device derived cryptography for data in transit and at rest across networks and cloud services. KeyScaler addresses core security vulnerabilities and delivers comprehensive IoT security automation at scale, with active security posture enforcement.
In one instance, the GCE Group designed and manufactured a portable oxygen concentrator, Zen-O, which allows patients with respiratory disorders to better manage their oxygen treatment remotely. They worked with UK-based system integrator InVMA to build a custom IoT application using PTC’s ThingWorx platform, which allows patients, doctors and service providers to carefully monitor data, whenever and wherever they are. However, they faced challenges such as establishing strong mutual trust and authentication between the Zen-O device and ThingWorx servers/applications, and following sensitive information all the way from the device to the ThingWorx platform and ultimately the end user application. Device Authority’s KeyScaler platform provides a strong root of trust, securing the medical devices’ identity, and offers an automated approach for registering and authenticating devices to KeyScaler at IoT scale. Data is encrypted on the medical device, stays encrypted in transit, and persists encrypted at rest in the ThingWorx IoT platform, all defined and controlled by policy and the customer.
According to Darron Antill, the CEO of Device Authority, a lot of the publicized attacks involved default passwords on devices, which often are never changed by the manufacturer, service provider or owner of the device. Device Authority has a simple fix for this: automated password management, which automatically sets and manages local account passwords on devices, starting from the manufacturer default. Password rotation policies are enforced, which dramatically reduces the attack surface created by static passwords. In addition, Device Authority delivers policy-driven encryption/data security to protect personal health information. Should there be a breach, the data won’t be exposed. Device Authority’s mission is to secure and protect medical devices to deliver a safer healthcare environment.
Darron knows 2019 will be a breakthrough year for Device Authority. “We continue to improve our KeyScaler platform and recently launched our Blockchain solution which leverages KeyScaler to prevent authorized access and protect private keys and crypto keys. For the days to come we will continue to focus on what we do best – security for connected medical devices,” says Darron.