Thales, vendor of information systems, cybersecurity and data security, and Device Authority, provider of identity and access management (IAM) for the internet of things (IoT), announced this week a jointly developed solution to ensure the authentication of IoT devices and the confidentiality and integrity of the data they rely on – giving both healthcare professionals and their patients the confidence to adopt these new technologies.
The new solution from the partnership integrates Device Authority’s KeyScaler platform with the Thales nShield Connect hardware security module (HSM). This provides high-assurance device authentication at IoT scale, managed end-to-end encryption to meet compliance requirements and certificate provisioning for healthcare and other connected devices. The solution will authenticate any new device hardware and establish a strong root of trust and identity on the network.
The solution then provides additional security operations, such as issuing a security token that the device can use to validate itself to other IoT platforms, or provide a unique device key and certificate.
The KeyScaler platform delivers automation for critical credential management processes, in addition to tokenized access control and policy-based encryption for data, in transit and at rest. The solution is currently being piloted with medical devices.
The IoT market in healthcare, otherwise known as ‘Connected Health’, has boomed in recent years with forecasts predicting it will reach $612bn by 2024. IoT devices have enabled new services from remote diagnosis to disease and lifestyle management via mobile apps to medical device integration. It has transformed the way healthcare is provided, creating both a better level of care and operational efficiencies.
However, the healthcare industry is regularly targeted by cybercriminals, with 70 percent of healthcare organizations around the world having experienced a data breach according to the 2018 Thales Data Threat Report. As new technologies are adopted by the healthcare industry, they provide new opportunities for cybercriminals – and the risks are high.
“IoT is transforming the healthcare industry and the way healthcare is provided,” said Darron Antill, chief executive officer of Device Authority. “When you look at medical devices it’s imperative that the right data files from the right consultant go to the right device to instruct it to perform the right procedure, or administer the precise amount of medication, for the correct patient – and there must be no question at any point over the integrity of the data or the medical device. This solution will bring a new level of assurance to both healthcare professionals and patients that the technology being implemented is secured and all data transferred is safe from compromise.”
“Every day we are seeing how technology in healthcare is helping improve the care that patients receive. However, we have also seen that the healthcare industry is regularly under threat from cybercriminals,” said Cindy Provin, Chief Executive Officer of Thales eSecurity. “Our partnership with Device Authority enables us to solve the device authentication, integrity and data privacy challenges that are impeding IoT deployments, by creating a hardened system for issuing and managing device credentials and keys that are essential to creating a root of trust and enhancing patient safety for customer IoT projects.”