Connected technology is increasingly becoming an integral part of our everyday lives. From thermostats that monitor our behavior and automatically adjust the temperature inside our homes based on our activity patterns to wearable devices that track our movements and encourage us to lead a more active lifestyle, these Internet of Things (IoT) devices are becoming more prevalent in all aspects of our society. While IoT adoption in healthcare has been limited, it is picking up the pace of late. Of course, there are a myriad of risks and challenges associated in bringing these devices into an enterprise or providing them to patients.
The challenge of securing data and complying with a variety of regulations is nothing new in today's world, but the presence of IoT provides another vector for attack. Many early connected devices have proven to be a fertile ground for malicious activity. While security is becoming an increasing priority for connected device manufacturers, it is still a high-risk area. This is especially important in the healthcare arena where the devices can hold sensitive patient data or be critical to patient care.
"An increasing number of connected devices will continue to push the boundaries of an organization’s people and infrastructural capabilities"
Some personal devices that appear harmless on the surface can become problematic even if they are not connected to corporate infrastructure. A compromised camera in a patient care environment could create a difficult situation for an organization. It is completely conceivable that the owner of the device would not even realize it included a camera or that it was capable of being accessed remotely.
The breadth of functionality these devices provide and the speed at which they are appearing can also prove challenging. Some devices, such as environmental monitors, will fall neatly into an organizational area of responsibility, but with others it may not be clear who is responsible for maintaining the security of the device.
Managing clinical data has never been an easy task. Data sets tend to get large quickly and privacy and security requirements further complicate the situation. With a flood of data gathering devices coming to market, we should expect this data to grow substantially and this growth will create two significant challenges. First, acquiring data from a diverse set of devices without consistent interoperability standards can be labor intensive if not managed properly. Second, once the data is available, determining how to present it in a meaningful and consumable way can lead to an endless loop of iterations.
In order to answer these challenges there are several initiatives IT professionals can take to prepare for success:
• Ensure that teams maintain an open mind about adoption of IoT devices. Presenting an open mind allows a greater chance to get involved early to guide and manage the adoption process. Many devices are far too easy to bring into the environment without the knowledge of the technology team and that is a possibility which needs to be avoided in all cases.
• Help security teams get visibility to assess the risk of new devices in the environment. Keep this process as easy as possible for internal customers so they are not discouraged from bringing them to the attention of IT. Ensure security teams understand how to assess the challenges presented by these devices. Take a risk based approach that applies a level of scrutiny commensurate with the risk profile for the device.
• Drive awareness throughout the organization regarding the challenges associated with connected devices. Too many people are simply unaware of how these devices work and the risks they represent. This is especially true for devices that are primarily used clinically. Creating a broadly shared organizational awareness will be the greatest challenge.
• Clearly assign who is responsible for managing the adoption of these devices and broadly communicate it to internal customers.
• Ensure the organization has the infrastructure and the right people to handle the influx of data. This is much more than an exercise in data capacity and storage. Now is the time to prepare the software and expertise required to accept an influx of data from a wide variety of sources, store it in an appropriate way, derive insight from the data and present it in an accessible and consumable manner, so that it will benefit the audience. When the data is clinical in nature, be sure to get the appropriate expertise to the table early. Handling this data in a meaningful way is the most complex element of the process and is not something that will easily be accomplished reactively.
Ultimately, success in these initiatives will be tied to preparedness from both an organizational and a technological perspective. An increasing number of connected devices will continue to push the boundaries of an organization’s people and infrastructural capabilities. IT professionals must continue to be ahead of the curve in order to ensure that new technology is incorporated safely and effectively.