< 1 min read

Government must get certification out of health IoT security: Intel Security

Security & PrivacyIntel Security

Governments should not force certification onto smart medical device manufacturers and should instead encourage private companies to collaborate on data protection, according to Intel Security.

In a recent report called “The Healthcare Internet of Things – Rewards and Risks,” the security vendor recommended that aside from raising awareness around the need to address vulnerabilities in smart personal medical devices, governments should take a backseat to companies that would collaborate on security.

“If a device has to meet certifications, it would delay improved healthcare for patients,” said Pat Calhoun, senior vice president and general manager of network security at Intel Security.

He cited the example of the American Food and Drug administration, which has clarified its position saying its review is not “usually” needed when a manufacturer wants to address a device vulnerability and that healthcare organizations must “rely on the advice of medical device manufacturers.”

“We have to make sure we don’t hinder improved outcomes for patients,” Calhoun said.

This is not to say that companies get a free pass, according to Calhoun, who said that those who don’t take security seriously will not stay in business.

Instead, he recommends that device manufacturers who may not have security expertise collaborate with companies such as Intel which would also help create a more standardized approach across different vendors.

The report further emphasized that if IoT in healthcare were widely adopted, countries worldwide could save $63 billion in costs over fifteen years, with the largest savings stemming from hospital equipment and patient throughput.

“We believe that regulation isn’t the right way to solve the problem, but rather, making it simpler for manufacturers,” Calhoun said. “The good news is that… we’re seeing the manufacturers taking security more seriously.”