Evaluating Medical IoT (MIoT) Device Security using NISTIR-8228 Expectations

04/07/2021
by   Thomas P. Dover, et al.
0

How do healthcare organizations (from small Practices to large HDOs) evaluate adherence to the cybersecurity and privacy protection of Medical Internet of Things (MIoT) used in clinical settings? This paper suggests an approach for such evaluation using National Institute of Standards and Technology (NIST) guidance. Through application of NISTIR 8228 Expectations it is possible to quantitatively assess cybersecurity and privacy protection, and determine relative compliance with recommended standards. This approach allows organizations to evaluate the level of risk a MiOT device poses to IT systems and to determine whether or not to permit its use in healthcare/IT environments. This paper reviews the current state of IoT/MiOT cybersecurity and privacy protection using historical and current industry guidance best-practices; recommendations by federal agencies; NIST publications; and federal law. It then presents similarities and differences between IOT/MiOT devices and "traditional" (or classic) Information Technology (IT) hardware, and cites several challenges IoT/MiOT pose to cybersecurity and privacy protection. Finally, a practical approach to evaluating cybersecurity and privacy protection is offered along with enhancements for validating assessment results. In so doing it will demonstrate general compliance with both NIST guidance and HIPAA/HITECH requirements.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
01/10/2022

An Example of Privacy and Data Protection Best Practices for Biometrics Data Processing in Border Control: Lesson Learned from SMILE

Biometric recognition is a highly adopted technology to support differen...
research
07/18/2020

ML Privacy Meter: Aiding Regulatory Compliance by Quantifying the Privacy Risks of Machine Learning

When building machine learning models using sensitive data, organization...
research
01/08/2019

Designing Data Protection for GDPR Compliance into IoT Healthcare Systems

In this paper, we investigate the implications of the General Data Priva...
research
04/28/2023

A Systematization of Cybersecurity Regulations, Standards and Guidelines for the Healthcare Sector

The growing adoption of IT solutions in the healthcare sector is leading...
research
03/27/2021

A Synergistic Approach to Digital Privacy

This paper outlines an approach for IEEE to take leadership for digital ...
research
06/19/2020

On the Principle of Accountability: Challenges for Smart Homes Cybersecurity

This chapter introduces the Accountability Principle and its role in dat...

Please sign up or login with your details

Forgot password? Click here to reset