A draft report from the National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, examines cybersecurity vulnerabilities and privacy risks related to medical devices on the internet of things (IoT).
“Many organizations are not necessarily aware they are using a large number of IoT devices. It is important that organizations understand their use of IoT because many IoT devices affect cybersecurity and privacy risks differently than conventional IT devices do,” according to the draft report, titled “Considerations for Managing IoT Cybersecurity and Privacy Risks.” (More information on the report is available online at: https://bit.ly/2CMk8l9.)
Many organizations are not aware they are using such a large number of IoT devices, the report says.
“It is important that organizations understand their use of IoT because many IoT devices affect cybersecurity and privacy risks differently than IT devices do,” the draft report says. “Once organizations are aware of their existing IoT usage and possible future usage, they need to understand how the characteristics of IoT affect managing cybersecurity and privacy risks, especially in terms of risk response.”
NIST recommends three risk mitigation goals:
• Protect device security to prevent a device from being used to conduct attacks, eavesdrop on network traffic, or compromise other devices on the same network segment.
• Protect data security by securing the confidentiality, integrity, and/or availability of data collected by, stored on, processed by, or transmitted to or from the IoT device.
• Ensure the privacy of individuals affected by the processing of personally identifiable information, beyond the risks managed through device and data security protection.
Each of the risk mitigation goals requires addressing a set of risk mitigation areas, the NIST report says.
Financial Disclosure: Author Greg Freeman, Editor Jill Drachenberg, Editor Jesse Saffron, Editorial Group Manager Terrey L. Hatcher and Nurse Planner Kay Ball report no consultant, stockholder, speaker’s bureau, research, or other financial relationships with companies having ties to this field of study. Consulting Editor Arnold Mackles, MD, MBA, LHRM, discloses that he is an author and advisory board member for The Sullivan Group and that he is owner, stockholder, presenter, author, and consultant for Innovative Healthcare Compliance Group.