Micki Boland is a global cyber security expert and evangelist with Check Point Software Technologies’ Office of the CTO. Micki has over 20 years in ICT, cyber security, emerging technology and innovation. Micki’s focus is helping customers, system integrators, and service providers reduce risk through the adoption of emerging cyber security technologies. Micki is an ISC2 CISSP and holds a Master of Science in Technology Commercialization from the University of Texas at Austin, and holds an MBA with a global security concentration from East Carolina University.

In this interview, Check Point’s security expert Micki Boland discusses the influx of IoMT within healthcare, whether or not it has added value to patient care, and new security considerations for healthcare IT teams. Plus, can you secure IoMT with an IoT solution? Find out.


What kinds of IoMT devices have been added to healthcare systems in order to contend with coronavirus-related issues? 

The Covid-19 pandemic greatly expanded the use of IoMT. It transformed existing technologies, accelerated the development of new devices, and rapidly scaled up adoption of these devices to deal with the pandemic response: drones for Covid-19 surveillance and medical supply delivery; robots for Covid-19 testing; cold chain logistics sensors; infrared temperature sensors; face recognition cameras; infrared scanners and cameras; and a host of human wearable “sensor” devices.

Have they led to better health outcomes?

The NIH, NCIB, DHS, and CDC all tout that Covid-19 pandemic IoMT advances have yielded better health outcomes. Covid-19 related IoMT devices and applications collect massive datasets in cloud data lakes and cloud data analytics provide classification and predictive modeling to aid healthcare decision making, bioinformatics and epidemiology. The general consensus seems to be that Covid-19 inspired IoMT is now shaping the future of healthcare and yielding significant benefits for patients, clinicians, providers and payers. It seems this Covid-19 pandemic IoMT push has accelerated IoMT growth. For example, in April of 2021, Marketwatch projected IoMT growth of USD 142.45 billion by 2026 with CAGR of 28.9%.

Most common IoMT-cloud integration issues?

Most of the IoMT cloud integration issues will come from the learning curve and organizational resources, training, and GRC perspectives involved in truly understanding the risk of moving into cloud infrastructure and services and new areas of need. For some healthcare groups, medical organizations and innovative healthcare startups and service providers, leveraging IoT/IoMT reference architecture in the cloud provides the ultimate in innovation, agility, automation, scale and resiliency. The IoMT technology can be approached as a new and separate line of business or business function. For the cloud component of IoMT, PHI/PII protection of bioinformatics and patient data, encryption everywhere, least permission, strong IAM controls, MFA everywhere, strong key management and continuous compliance enforcing enterprise GRC compliance frameworks (HIPAA, HITECH, PCI, NIST) are absolutely required. The cloud providers offer any service needed, including data laking and data analytics as a service.

The cloud infrastructure and cloud compute, storage, networking, and services provide ultimate flexibility, resiliency and data protection, pay as you go, scale as you grow, and multi-cloud integration including data center extensibility from ground to cloud. And third-party cloud provider integration partners make IoMT cloud worth the effort to analyze the risk and invest in expertise. These customers need a strong cloud integrator and cloud cyber security partner.

To protect IoMT, should organizations invest in a security solution that is IoMT specific, or can a solution like Quantum IoT Protect provide adequate coverage?

To protect IoMT, organizations need to involve people, processes, and technology. IoMT technology cyber security and privacy range from the devices themselves, to application software, to communication networks, to cloud infrastructure and services. Organizations need a multi-layered, generation 5 cyber security platform technology that provides end-to-end cyber security for all enforcement points, whether physical or cloud, mobile, smart device, sensor, laptop, tablet endpoint devices, etc. For IoMT, there are also human-resource and process areas that need to be tightened up as well, including a least effective permissions approach, strong identity and access management, implementing network segmentation, zero trust networks or building out separate IoMT infrastructure and networks. Quantum IoT Protect is a huge part of the Check Point Infinity platform that extended these generation 5 cyber security protections all the way to the IoT/IoMT device itself. IoMT device security and safety can present a challenge, especially due to limited compute and low power on these devices. Thus, an integrated lightweight security “middleware” is appropriate and necessary.

Might a more comprehensive solution, like Quantum IoT Protect, be an even better deal than a traditional IoMT security solution?

The IoMT ecosystem must adhere to strict security and privacy specifications. So many now infamous IoT/IoMT attacks and vulnerabilities (Mirai IoT botnet, Gafgyt, St. Jude cardiac IoMT, Owlet WiFi baby heart monitor, web cam takeovers) targeted loose or inadequately coherent security controls, namely access control, data confidentiality, integrity, authenticity, and availability. The current strategy for cyber security methods involves key management, intrusion detection, authentication, access control, encryption, and privacy. Adding the new dimension of cloud infrastructure, cloud computing, cloud data laking and cloud data analytics requires a comprehensive enterprise class cyber security architecture.

At the device level, for smart devices such as IoMT sensors and those running IoMT health applications, we must include privacy requirements, especially with contact tracing and movement control, which must be protected against leaks to third parties and unauthorized applications and service providers. IoMT users have to develop trust for the centralized servers where PHI is uploaded, collected, stored and analyzed. IoMT devices also need to support decentralized approaches, where the device provides real-time local telemetry data to be offered to nurses, doctors, clinicians, and medical systems. This can potentially be provided with blockchain technology.

Blockchain technology could help improve the privacy of IoMT data, as it adopts a naturally decentralized architecture and secure transactions with cryptographic encryption, and creates immutable reliable trust and easy device identification of its own unique identifiers. However, blockchain has its own drawbacks if connected locally to untrusted Wi-Fi networks.