IoT medical devices security vulnerabilities affects many different types of in-hospital equipment including diagnostic equipment (e.g., MRI (Magnetic Resonance Imaging) machines and CT (Computerized axial Tomography) scanners), therapeutic equipment (e.g., infusion pumps and medical lasers) life support equipment (e.g., heart support machines), internet-connected devices for monitoring patients vital signs (e.g., thermometers, glucometers, blood pressure cuffs, wearables), as well as novel, intelligent and disruptive devices which can keep track of medication schedules (e.g., GlowCap outlets and AdhereTech wireless pills).
The Internet-of-Things (IoT) is gradually realizing a radical transformation of healthcare services based on the deployment of numerous medical devices, which already represent a considerable segment of the billions of internet-connected devices that are nowadays available.
These devices are used in conjunction with mobile terminals (e.g., tablet computers, smart phones) which enable health professionals both to configure them and to visualize their data. Moreover, several IoT applications integrate RFID tags, as a means of uniquely identifying and associating with each other devices, patients, doctors, drugs, prescriptions and other artifacts engaging in the care service provisioning process. While several of the above listed devices can be deployed in the patients’ homes, the majority of them are deployed in the hospital environment.
In principle, IoT technologies enable the processing of data and the orchestration of services from all these devices in order to facilitate health professionals to access accurate and timely information about the patients’ status, but also to configure disease management processes for prognosis, diagnosis and treatment. Beyond disease management, the deployment of medical devices in the hospital can be also used to boost the efficiency of hospital operations.
As a prominent example, the continuous monitoring of medical devices can serve as basis for reducing their downtime. Likewise, devices emit notifications that can trigger proactive maintenance and replenishment of supplies. Furthermore, information from medical devices can be exploited in order to optimize resources utilization and patient scheduling. Based on these processes, healthcare will become a setting that will annually contribute over $1 trillion to IoT’s business value by 2030, as projected by a recent report of McKinsey Global Institute.
The expanded use of IoT medical devices in hospitals raises serious privacy and security challenges, given the proclaimed and widespread vulnerabilities of wireless devices. IoT medical devices security vulnerabilities has always been a concern for applications, but in the case of healthcare it is a matter of life and death. Indeed, beyond compromising patient’s data confidentiality, security vulnerabilities can have life-threatening implications, as IoT devices are used to control medication or even to drive surgical interventions and other therapeutic processes.
Since commands to several devices are transmitted wirelessly, hackers can invade the wireless network in order to gain control over devices and transmit unauthorized commands with fatal results. For instance, a malicious attack against an insulin pump can lead to a wrong dose to a diabetes patient. As another example, the hacking of an electrical cardioversion device could instigate an unnecessary shock to a patient.
There is a host of different IoT medical devices security vulnerabilities easily include a non exhaustive list of common attacks includes:
Hackers can easily discover such passwords in order to gain access to device configuration information. Moreover, in several cases, hackers are also able to control the device and use it to launch more advanced attacks.
Poor Security Patching: Some medical devices are poorly patched, either because some patch has not yet been deployed on the device or because the device runs an “old” operating system (e.g., an older version of Windows or Linux). Poorly patched devices are vulnerable to malware and other attacks, which makes them an easy target for hackers.
Denial of service attacks: Medical devices are usually lightweight and resource constrained, which makes them susceptible to denial of service attacks. The transmission of simultaneous requests to the device can cause it to stop, disconnect from the network or even become out of order.
Unencrypted data transmission: It’s quite usual for attackers to monitor the network in order to eavesdrop and steal passwords. The transmission of unencrypted data can therefore ease their efforts to gain access to the device in order either to extract information or even exploit the device for transmitting malicious commands.
Most of the medical devices are Wi-Fi enabled, which renders Wi-Fi the technology that carries the vast majority of the traffic that is exchanged between medical devices. However, Wi-Fi networks are conspicuously associated with IoT Medical Devices security vulnerabilities , which make them the weak link. For example, the WEP (Wireless Encryption Password) mechanisms that empower Wi-Fi security are weak, as WEP passwords can be easily stolen.
This can accordingly enable hackers to launch attacks based on the sniffing of unencrypted traffic. In order to alleviate WEP problems, IEEE and the Wi-Fi community have specified and implemented Wi-Fi standards and protocols (e.g., WPA2, WPA2-PSK (TKIP/AES)) with much stronger encryption capabilities. Nevertheless, not all medical device vendors provide proper support for these standards, putting the operation of devices and their interoperability with others at risk.
In recent years, special emphasis has been given in producing standards and best practices for securing wireless medical devices, on the basis of the implementation of appropriate authentication and encryption mechanisms.
This has led to the specification of IEEE 802.1X, which is a ratified IEEE standard for network access control. 802.1X is flexible and supports a variety of Extensible Authentication Protocol (EAP), including EAP with Transport Layer Security (EAP-TLS) and Advanced Encryption Standard (AES) encryption. The latter provides two-way authentication between devices based on the installation and use of X.509 certificates.
The vision of IoT enabled hospital care cannot be realized without very strong security. CIOs and IT managers of healthcare services providers cannot therefore afford to treat security investments with caution, in an effort to reduce budgets which could ignoring low-probability risks.
Rather, they should adopt a holistic approach to securing medical devices and their operation, spanning technology, processes and security policy aspects.
At the technological forefront, latest Wi-Fi technologies offering strong security and encryption features should be deployed and tested.
This may involve purchasing technologically advanced equipment and testing it in terms of security features, configuration problems, wireless stability and more. There is also a need for medical engineering processes in order to ensure that IoT-enabled process provide high security levels.
IoT medical devices security vulnerabilities is particularly important in the case of the trending BYOD (Bring Your Own Device) services, which involve the deployment and use of third-party devices as part of healthcare processes.
Moreover, as part of the holistic security approach, hospitals must tweak their security policies in order to keep up with IoT-related technological developments.
The right technology, the proper processes and an IoT-aligned security policy provide a sound basis for hospitals to adhere to security and privacy regulations, to avoid relevant liabilities and ultimate to maximize returns on their IoT investments.
The NextGen Executive Search medical devices recruitment team is intimately familiar with the newest FDA regulations, market trends, and the design of EMR / EHR clinical integrated systems, diagnostics, imaging, IV infusion therapies, in-hospital monitoring, and implantables. Our executive search firm also leads in IoT and wireless recruitment services. We identify and develop candidates so that in the shortlist we deliver to clients those who not only meet, but exceed your expectations. We target only "A players" who produce 8 to 10 times more than "B players, backed by an industry leading 12 to 36 month replacement guarantee. For more information on medical devices recruitment process or to speak with the medical devices executive search practice lead, click on the image below.
The growth of the Internet-of-Things (IoT) paradigm begs the question if blockchain technology securing IoT infrastructure properly or not? Currently propelled by an unprecedented increase in the number of internet-connected devices. Even though the Cisco’s 2011 projection about 50 billion devices in 2020 is not ending up being very accurate, more recent estimates by Gartner and IHS confirm the tremendous growth of the number of IoT devices.
The need to support billions of devices in the years to come is inevitably pushing IoT technologies to their limits. Despite significant progress in blockchain technology, the specification and implementation of IoT technologies for identification, discovery, data exchange, analytics and security, the future scale of IoT infrastructure and services is creating new challenges and ask for new paradigms.
As a prominent example, IoT security is usually based on centralized models, which are centered round dedicated clusters or clouds that undertake to provide authentication, authorization and encryption services for IoT transactions. Such centralized models are nowadays providing satisfactory protection against adversaries and security threats.
Nevertheless, their scalability towards handling millions of IoT nodes and billions of transactions between them can be questioned, given also recent IoT-related security attacks which have manifested the vulnerabilities of existing infrastructures and illustrated the scale of the potential damage.
In particular, back in October 2016, a large scale Distributed Denial of Service (DDoS) attack took place, which affected prominent Internet sites such as Twitter, Amazon, Spotify, Netflix and Reddit. The attack exploited vulnerabilities in IoT devices in order to target the infrastructures of dyn.com, a global infrastructure and operations provider, which serves major Internet Sites.
The incident is indicative of the need for new IoT security paradigms, which are less susceptible to attacks by distributed devices and more resilient in terms of the authentication and authorization of devices. In quest for novel, decentralized security paradigms, the IoT community is increasingly paying attention to blockchain technology, which provides an infinitely scalable distributed ledger for logging peer to peer transactions between distrusted computing nodes and devices.
Most of the people that are aware of the paradigm to blockchain technology securing IoT perceive it as the main building block underpinning cryptocurrencies such as the well-known BitCoin. Indeed, the main characteristic of Bitcoin transactions is that they are not authenticated by a Trusted Third Party (TTP), as is the case with conventional banking transactions. In the case of the BitCoin, there is no central entity keeping track of the ledger of interactions between the different parties as a means of ensuring the validity of the transactions between them. Instead, any transaction occurring between two parties (e.g., A paying 1 Bitcoin to B) is kept in a distributed ledger, which is maintained by all participants of the BitCoin network and which is empowered by blockchain technology. Among the merits of this distributed ledger approach is that it is very scalable and more robust when compared to traditional centralized infrastructure.
This is due to the fact that the validation of transactions is computationally distributed across multiple nodes, as well as due to the fact that the validation requires the consensus (“majority vote”) of the whole network of communicating parties, instead of relying on a centralized entity. In this way, it is practically impossible for an adversary to attack the network, since this would require attacking the majority of nodes instead of one or a few parties.
The scalability and resilience properties of the blockchain approach have given rise to its applications in other areas such as electronic voting or IoT transactions. The principle remains the same: Transactions are logged in the distributed ledger and validated based on the majority of nodes, even though in the case of voting and other transactions Bitcoin units are replaced by votes or credits. This results in a trustful and resilient infrastructure, which does not have a single point of failure.
Based on the above principle, blockchain is deployed as an element of IoT infrastructures and services, which signifies a shift from a centralized brokerage model, to a fully distributed mesh network that ensures security, reliability and trustworthiness. Blockchain technology securing IoT infrastructure facilitates devices to authenticate themselves as part of their peer-to-peer interactions, while at the same time increasing the resilience of their interactions against malicious adversaries. Moreover, this can be done in a scalable way, which scales up to the billions of devices and trillions of interactions that will be happening in the coming years.
The development of secure mesh IoT networks based on blockchain technology is no longer a theoretical concept. During the last couple of years several companies (including high-tech startups) have been using blockchain technology in order to offer novel IoT products and services. The most prominent implementations concern the area of supply chain management. For example, modum.io is applying blockchain in the pharmaceuticals supply chain, as means of ensuring drug safety.
The company’s service uses the blockchain technology in order to log all transactions of a drug’s lifecycle, starting from its manufacturing to its actual use by a health professional or patient. Recently, the retail giant Wal-Mart Stores Inc. has announced a food products track and trace pilot based on blockchain technology. The pilot will document all the steps associated with tracking and tracing of pork, from the farm where the food is grown, to the supermarket floor where it is shipped. This pilot is a first of a kind effort to validate the merits of the blockchain outside the scope of the financial services industry.
Beyond supply chain implementations, novel products are expected to emerge in the areas of connected vehicles, white appliances and more. Several of the applications are expected to benefit from blockchain’s ability to facilitate the implementation of monetization schemes for the interaction between devices. In particular, as part of blockchain implementations, sensors and other IoT devices can be granted micropayments in exchange of their data.
The concept has already been implemented by company tilepay, which enables trading of data produced by IoT devices in a secure on-line marketplace. At the same time, cloud-based infrastructures enabling developers to create novel blockchain applications are emerging. As prominent example Microsoft is providing a Blockchain-as-a-Service (BaaS) infrastructure as part of its Azure suite.
Overall, blockchain technology is a promising paradigm for securing the future IoT infrastructures. Early implementations are only scratching the surface of blockchain’s potential. We expect to see more and more innovative products in the next few years.
In this direction, several challenges need also to be addressed, such as the customization of consensus (i.e. “majority-voting”) models for IoT transactions, as well as efficient ways for carrying out the computationally intensive process of transaction verification. Solutions to these challenges will certainly boost the rapid uptake of this technology in the IoT technology landscape.
Now that we are fully engrossed in the cyber age, there are rapid advances across the board for all things connected to the Internet and cyber security for IoT medical devices is no exception.
These devices, often called “The Internet of Things,” or IoT, has certainly made much of life much easier. For the medical profession, it has certainly become a simple, safe and easy way to monitor patients away from a clinical setting.
This is all fine and good, but there is a fundamental question of IoT that needs answering: Are these safe and secure when away from a closed environment?
This article is going to address the issues home devices face and possible ways to prevent cyberattacks and/or hacking.
The number one concern of healthcare professionals looking at and addressing potential problems is the HIPAA. This protection act of 1996 means patients under the care of physicians have a reasonable expectation of privacy and are protected under a patient/medical professional relationship. IoT’s are free from human intervention by and large.
This means the patient carrying the device is completely removed from interacting with it on any level. Most of the devices are used strictly for monitoring, data collection and medical dispensing.
They are passive because the medical professionals are looking for a true a baseline as possible and is only effective when the patient is at ease with or completely unaware of the device. This lack of concern in cyber security for medical devices is the problem.
ISSUES AT STAKE
The information transmitted, no matter how insignificant at the time, could be used to gain identity information. The IoT’s are often coded to the patient with a name, number and medical coding information. All that would be needed is access to the information on the device, and personal, private information is available. This includes social security numbers, medical information and possible fiscal information to boot. This compromised information is enough to wreak havoc on a medical practice, hospital or medical equipment distributor – if not all of them in conjunction – all because of a HIPAA violation.
While computers have software to keep them from attacks, these medical devices do not. There is scant little that can be done if malfeasance is intended. A skilled and determined computer hacking specialist with the understanding of IoT’s can quickly and easily undermine its basics. Doing so would cause serious issue with the medical professional monitoring the patient and for the patient, who could, as a result, receive incorrect treatments and/or medications. Unable to track the information back to a source, this could potentially open a flood of medical malpractice suits, and there would be little the medical professional could provide as a substantial defense.
Medical administration in conjunction with information teams and network security specialists should realize there needs to be a move from the “Internet of Things” to “Security of Things” to protect themselves, their practices and patients from hacking. There are a few things that could be considered.
Safe and secure encryption should be on the forefront. As more and more medical practices move from paper to online and cloud patient records, the same can be said for IoT’s. Signed contracts with network encryption professionals about software and the devices themselves should be a first step. Each contract to include audits, verifications and regular testing to ensure the validity and security of the data on the IoT.
A Holter monitor is one of these IoT’s. Its purpose is to collect a 24 hour EKG for cardiac patients in various settings for the best possible heart function in normal settings. The contract should provide for each device to collect only the necessary information and nothing more. Systems that download, read or output the information is additionally a part of the contract.
To address needed cyber security for medical devices, the device should be built in a such a way that any tampering of any sort is quickly noticed and/or built in such a way that the device immediately informs the medical professionals. Patient contracts protecting the device is also a sound idea.
The physical security of the device itself also should not be overlooked. The device should be configured to prevent data storage media from being accessed or removed, and the device itself should not be easily disassembled. In short, building a strong security to protect data during transmission is undercut if the data can be removed from the device itself.
No one but a medical professional can dispense medical advice, so only those who will be reading the results need access to the data contained thereon. All information should only be retrieved under a secure server under select passwords. Focusing on cyber security for IoT medical devices, only the absolutely necessary individuals outside of those interpreting the data need access to any element of the entire procedure.
Proper training for every step only makes sense. All medical professionals are bound under an ethics code with severe penalties for infringement.
There have not yet been any serious attacks on medical IoT’s. When will it happen is the question. Ideally, every possible step should be covered; however, there is no guarantee of anything until an attack. What are your thoughts and opinions on the issue of cyber security for IoT medical devices, and what steps in addition to those mentioned would be a necessary part?
Click the image below to review the experience, case studies and client testimonials, and an overview of why companies large and small choose NextGen Global Executive Search as their preferred retained search and engagement search vendor. Our medical tech practice includes medical devices such as infusion therapies, blood separation, dialysis, surgical monitoring, IV fluids, imaging, electronic health records, and IoT data and devices.
Embedded Wireless devices, once thought to be too small to include their own security, undergo a more thorough analysis beginning with firmware testing. The software inside the chip is just as important as the application controlling it. Both need to be tested for security and quality. Some of the early IoT botnets have leveraged vulnerabilities and features within the device itself.
"Embedded wireless devices really are one of the most common devices on the Internet, and the security of these devices is terrible." Those were the words of network security expert H.D. Moore, the developer of the penetration testing software Metasploit Framework, when discussing an illicit attempt to survey the entire internet.
Dan Goodin of Ars Technica tells the tale of a guerilla researcher who collected nine terabytes of data from a scan of 420 million IPv4 addresses across the world. "The vast majority of all unprotected devices are consumer routers or set-top boxes which can be found in groups of thousands of devices,” wrote the anonymous researcher in his 5,000-word report. "A lot of devices and services we have seen during our research should never be connected to the public Internet at all."
Hackers can do a lot of damage, and with billions of IoT devices forecast to be connected in the next few years, embedded devices security should be more than an afterthought.
In 2015, two white hat hackers demonstrated that they could break into late model Chrysler vehicles through the installed UConnect, an internet-connected feature that controls navigation, entertainment, phone service, and Wi-Fi.
By rewriting firmware on a chip in an electronic control unit (ECU) of a Jeep Cherokee, they were able to use the vehicle’s controller area network (CAN) to remotely play with the radio, windshield wipers, and air conditioning -- even kill the engine.
The cybersecurity risks are real. Alan Grau writes on the IEEE Spectrum website about three significant incidents affecting the health care industry. A report by TrapX Labs called “Anatomy of an Attack–Medical Device Hijack (MEDJACK)” describes how hackers were able to target medical devices to gain entry to hospital networks and transmit captured data to locations in Europe and Asia. “Stopping these attacks will require a change of mindset by everyone involved in using and developing medical devices,” says Grau.
Another notorious embedded wireless devices security intrusion is described in an article on The Verge, “Somebody's watching: how a simple exploit lets strangers tap into private security cameras” . Strangers were able to watch live streams of unwitting security camera owners within their homes. The vulnerabilities of existing firmware allowed for egregious invasion of privacy.
Many of the hackable embedded wireless devices now on the market were created without much consideration for security. "Security needs to be architected from the beginning and cannot be made an option," says Mike Muller, CTO of ARM Semiconductors, at a seminar he gave at the IoT Security Summit 2015. Muller believes that very few developers have any real understanding of security. ·“We cannot take all of the software community and turn them into security experts. It’s not going to work.” The answer is that best practices for embedded security must be established and followed. That includes splitting memory into “private critical and private uncritical” and creating device-specific encryption keys. “You have to build systems on the assumption that you’re going to get hacked,” warns Muller.
Identifying potential IoT vulnerabilities requires robust testing before putting devices into production. In 2014, the Open Web Application Security Project (OWASP) published a list called Internet of Things Top Ten: A Complete IoT Review. They recommend testing your IoT device for:
As with any testing, well-written test cases will help manufacturers ensure the security of the device. Better to run through possible scenarios in the lab that to have major issues with customers later. In November 2016, Dan Goodin of Ars Technica reported that a “New, more-powerful IoT botnet infects 3,500 devices in 5 days”. Goodin writes that “Linux/IRCTelnet is likely only the beginning of what could be a long line of next-generation malware that steadily improves its capabilities.” And he laments the defenselessness of IoT devices that proliferate across the web. It’s a sentiment that’s shared by many.
What about your experiences with IoT security and embedded wireless devices? Any stories to tell? What are your recommendations for making things safer? Feel free to post your comments here.
Curious – can LTE and 5G compete or compliment IoT networks or the other way around? The big cellular companies have heavily invested in Long-Term Evolution (LTE) networks and the coming 5G network. They are saying it can compete with the Internet of Things (IoT) network that smaller companies are putting their bets on.
"Despite the prospect of new networks that reach farther than cells and let IoT devices communicate for years on one battery charge, many of the power-sipping networked objects to be deployed in the coming years will use LTE and future 5G cellular systems," reports Stephen Lawson in Computerworld. Lawson's article depends largely on information from the LTE and 5G network developers..
ZDNet took a look at IoT investments stating that "Investors in Sigfox's fund raising included major cellular network operators NTT Docomo, SK Telecom, and Telefonica, so it seems that some at least are hedging their bets," wrote Stuart Corner.
Verizon has not made that kind of investment, but it is investing in its own IoT tech. Looking at the Category M1 tech Verizon is working on, it's hard to see major differences between that and the IoT networks under development, and in place, by the LORA Alliance, Sigfox and others. Cat M1 runs on a 1.4mhz bandwidth with speeds capped at one meg a second. It promises to come in under $10 for consumers.
Verizon is saying LTE and 5G compete or compliment IoT networks and in fact they will exist together. Rosemary McNally, Verizon’s VP for mobile devices and operating system technology, told RCR Wireless that “the Cat M1 network they have in mind will run on the LTE. It will offer more security than IoT”, she promises.
So the question needs to be reframed. Instead of asking if the two networks can compete, ask instead do LTE and 5G have to compete on the same grounds as IoT? No, because they don't have to.
The IIoT and 5G merge in places like over-the-road shipping. IIoT sensors inside the truck feed data into the 5G and LTE networks, which hand it over to controllers and monitors. Decisions can be made within minutes.
The agriculture industry is also using the IoT. Modern tractors are embedded with sensors that provide regular feedback to the manufacturer. A farmer in South Georgia recently got a call from the tractor dealership. The sales rep said he'd received a message that whoever was driving one of the farm's tractors was "riding the clutch." Riding the clutch can cause it burn out, a costly repair. By having IoT in the tractor, the maker was able to monitor use and save the owner money.
Another reason LTE and 5G compete or compliment IoT networks is radio frequencies. The Verizon Cat M1 is going to run on licensed bands. Once those bands hit maximum transmission traffic, Verizon is either going to have to get new bandwidth, which can run to the millions of dollars, or scale back some traffic. If that happens, will Verizon continue to support Cat M1, which appears to have low profit margins? Or, will the company discontinue its IoT investments?
Where 5G and LTE have an advantage is security. Current IoT is running on unlicensed spectrum. Anyone can use it. Turf wars may erupt. Two companies next to each other decide to use the same frequency for their IoT. The signals interfere with each other, causing minor to major problems. With licensed frequencies, this is not a problem.
So can LTE and 5G compete or compliment 5G and LTE complement Iot networks? In truth they compliment each other. Each has strengths and each has weaknesses. Using each system's strong points to cover the other's weak points will create a much stronger network than either could be independently.
WHAT THE FUTURE HOLDS
Doug Brake takes a long and hard look at IoT, 5G, LTE and nextgen wireless in a report for the Information Technology and Innovation Foundation. The industry has gone from 1G (analog) in the 80s to 2G, 3G and now 4G in the past few years. He points out the industry goes through a major upgrade every 10 years. Each upgrade has required big investments. With 2020 a short four years away and 5G already being discussed, AT&T, Sprint and the rest are planning major investments to upgrade the wireless network. The smart ones are planning upgrades that allow IoT.
The questions that should be asked are:
Consider the affordable retained search team of NextGen. Known for "discovering the diamond in the rough", we have successfully identified and recruited the top 14% of the wireless workforce - the "A players" who produce 8 to 10 times more than even "B players". Check out an example of wireless recruitment case studies and client testimonials to discover why clients say "NextGen delivers candidates who not only meet, but exceed our expectations".
IoT medical devices transforming healthcare by changing every aspect of our social and professional lives as billions of pervasive devices enable the acquisition of timely and accurate information about our personal context, the data gathering transforms what doctors can do with actionable knowledge.
The healthcare sector provides an excellent example of the way in which the future billions of IoT devices will introduce disruptive transformation and new paradigms. In an era where population is aging and incidents of chronic diseases are proliferating, healthcare solution providers are increasingly looking into internet connected devices for remote monitoring of elderly and patients’ conditions.
This remote monitoring facilitates preemptive medical interventions, while at the same time increasing the patients’ independence, reducing hospitalization needs and alleviating pressures on the healthcare system.
One of the most prominent classes of IoT Medical Devices transforming healthcare today is wearable devices, which are personalized and provide rich and real-time information about an individual’s healthcare related context, such as heart rates, activity patterns, blood pressure or adherence to medication schedules.
Wearable devices play an instrumental role in monitoring patients’ diseases and recovery state, as well as adherence to prescribed practices and medication. A large number of relevant wearable devices are already available in the market such as activity trackers, smartwatches (e.g., Apple or Garmin Watches), pedometers, sleep apnea detector and smart pills (e.g., AdhereTech’s smart wireless pill bottle).
A less widely known class of wearable IoT medical devices transforming healthcare are implant devices, i.e. devices that are placed inside or on the surface of the human body. The concept of such devices has been around for several years prior to the rise of the IoT paradigm, as prosthetics that were destined to replace missing body parts or even to provide support to organs and tissues.
Therefore, implants were typically made from skin, bone and other body tissues, or from materials (e.g., metal, plastic or ceramic materials). While the distinguishing line between conventional IoT medical devices and wearable / implant devices can sometimes be blurred, we consider as implant medical devices those attached to the skin or placed inside the human body, instead of devices simply worn by the patient.
Impressive examples of implant devices are: (i) Brain implant devices (i.e. electrodes along with a battery empowered devices) used to manipulate the brain and alleviate chronic pain, depression or even schizophrenia; (ii) Electronic chips implanted at the back of the retina in the eye, in order to help sight restoration.
With the advent of IoT medical devices transforming healthcare, implant devices can also become connected and deliver information to cloud computing infrastructures and other applications. In this way, they can become part of the IoT infrastructure and enable the transmission of medical data from the patient to the practitioner on a regular basis. Moreover, with IoT implants patients no longer need to visit their doctor in order download data from their device or even in order to configure the operation of the implant device.
For example, by enhancing devices such as the electronic chip for vision restoration (outlined above) with a small handheld wireless power supply, one can adjust the sensitivity, contrast and frequency as needed in order to yield optimal performance of the device for different environmental settings (e.g., lighting conditions).
Despite their benefits, the adoption of implant IoT medical devices is still in its infancy. One of the main reasons is that the development and deployment of implants is associated with several challenges and risks. In particular, implants are associated with surgical risks concerning their placement and removal processes. Although generally safe, these processes could lead to infections or even implant failures, which makes patients reluctant to adopt them. Moreover, several patients have reported allergies and reactions to the materials comprising the implant devices.
Beyond these adoption challenges, there are also IoT technological challenges associated with the need to understand and optimize the placement and operation of the device. For example, there is a need to optimize radio communications between the implanted device and the receiving devices where the information of the implant is destined.
In this respect, low power operation is very important as a result of the need to economize on power capacity, while at the same time complying with applicable laws and regulations, including security and safety regulations.
From a technology viewpoint, implant solutions have to resolve trade-offs associated with efficiency and accuracy against antenna size, power use, operating bandwidth and materials costs. Moreover, implant devices should be appropriate for various body and skin morphologies, while at the same time offering security and data protection features that render them immune to malicious parties that may attempt to compromise their operation.
The above-listed factors render the design of cost-effective implants that adhere to regulations and optimize their operation very challenging. In order to alleviate these challenges, vendors and integrators of IoT implants resort to simulation. Simulation is an ideal tool for modelling the operation of the device and understanding its communication with the body and other devices of the surrounding environment such as gateways or even other implant devices.
Furthermore, vendors are implementing services that aim at increasing the operational efficiency of the devices, such as preventive or predictive maintenance of the device, as well as remote diagnostics and software upgrades (e.g., remote patching).
The last batch of challenges concerns the important business issues with IoT medical devices transforming healthcare, especially implants, which are not confined to selling devices. Rather, it is about innovating digitally and offering a whole range of services as part of the device’s industry ecosystem. Specifically, vendors and integrators of IoT implants need to find novel ways and business models for sharing their data with healthcare services providers and other stakeholders, while at the same time creating new value chains in collaboration with other device vendors, health professionals, home care services providers and other business actors.
The evolution of IoT medical devices transforming healthcare with implants will gradually signal a shift from the offering of an optimal IoT device to the offering of a pool of optimized and personalized healthcare services that will be built by the device’s industry ecosystem. Implant IoT medical devices are here and expected to play a significant role in the on-going IoT-driven transformation of the healthcare landscape. Stay tuned!
need help recruiting a functional leader in sales, business development, product marketing, software development, medical devices engineering, or clinical integration manager? Click on the link below to discover what NextGen can do and how to contact us today.
The threat of IoT Botnets describes a network of devices that have been compromised by a cybercriminal and are being used to conduct a coordinated attack. Typically these devices are a mixture of computers and mobile devices.
IoT Botnets can be utilized for many different types of cyber attack. Spam email campaigns and Distributed Denial of Service (DDOS) attacks are two common uses for botnets. A DDOS attack involves overwhelming a target with requests and causing the service to fail.
In both scenarios, using a network of compromised machines spreads an attacker's point of origin. This means that DDOS attacks cannot be thwarted simply by blocking a single IP address, and makes it tough for spam filters to identify the source of malicious email. The most commonly discussed examples of these smart devices tend to be consumer-focussed, such as the capacity to control your home heating from your smartphone. But increasingly, there are more and more uses of IoT devices in the business world. Many industries now use a connected network of sensors and cameras to capture data and automate decisions based on that information.
Gartner has predicted that there will be approximately 20 billion IoT devices by the year 2020. And because these devices have an IP address and the ability to share data, they are susceptible to cyber criminals. In fact, many of these devices are far easier to hack than traditional computers and smartphones. In a rush to catch early adopters, manufacturers are overlooking security in favor of product features and speed to market. Additionally, as the industry is still quite new, there are no standardized methods for detecting and fixing a compromised IoT appliance.
One of the main threat of IoT botnets pose is that they make DDOS attacks easier to conduct. Many of these appliances may be connected via the same router, and with their low security levels, it’s straightforward for hackers to compromise multiple devices very quickly. For businesses, this means that even the many consumer IoT gadgets are a threat. Back in 2014, cyber security experts Proofpoint discovered an attack that utilized consumer devices in a sustained cyber breach.
The Internet of Things offers many easy-to-reach IP addresses with which to conduct an attack. And while DDOS attacks aimed at a particular company can be damaging to business and reputation, a coordinated attack of this nature aimed at a country’s critical infrastructure could have even more damaging effects.
The second major threat of IoT Botnets is compromised IoT devices is related to the nature of the work they do. As mentioned previously, the role these appliances play tends to involve the collection of data and subsequent decision-making process. This data itself could be valuable to criminals via ioT botnets. The heating and lighting habits of a particular building could indicate the times when it’s staffed, for example.
But even more dangerous is the prospect that hackers could manipulate this data. For industries that use sensors to indicate that equipment components have exceeded their designed wear thresholds, an inaccuracy in this information could have life-threatening repercussions.
All of this concern inevitably leads us onto the question of what users can do to protect themselves against these attacks. And the honest answer at the moment is that it’s tricky to take definitive action. Much of the progress to secure these devices needs to be made by the manufacturers themselves.
But there a few things that businesses can do to mitigate the risk. The first thing to do is to review your cyber security processes. If you assume that your email filters would not be able to stop a coordinated spam attack using IoT botnets, then how well educated are your users? Do they know how to identify a suspect email?
Secondly, if you’re a business that uses IoT devices, ensure that you have strong login credentials and that you have a robust process for installing any manufacturer updates and patches. You may also be able to segment these appliances onto a separate network to reduce the risk of lateral infection into the rest of your organization.
Probably the biggest thing users can do to threat of IoT botnets is to petition the vendors to take it more seriously. Practices such as digital firmware signatures and anomaly detection could begin to make these devices more secure. It’s clear that the Internet of Things poses a security risk to consumers and businesses alike. There’s no easy answer when it comes to protecting your business from attack. All companies should be reviewing their security policies, having recognized the increased threat of an attack that has multiple origins.
And for businesses that utilize IoT appliances, it’s a case of understanding there is an element of danger and ensuring that the competitive edge offered by these devices outweighs that risk. What does this decision process look like in your business? Are you using IoT appliances and has the phrase ‘Internet of Things’ started to work its way into your general security policy conversations? Are you prepared to face IoT botnets?
Have a key staffing need in cyber security, wireless systems, or IoT data, devices and networks? Consider the expert executive search recruitment team of NextGen with over 30 years of placing executive management, functional leaders, and key sales / engineering staff/
IoT recruiting where a lot of recruiting firms out there - contingency based, RPOs, and retained search firms claim they can deliver results. You have the need to find the right candidate for a key senior executive or functional leadership role. Or you need a key sales, business development, or engineering professional?
The IoT recruiting team of NextGen Global Executive Search has 30+ years experience working for clients large and small in mobile networks, embedded wireless, IoT data and devices, industrial IoT applications and platforms, blockchains, agriculture, IoT consumer product goods wearables in sports, business, and fitness, as well as artificial intelligence and robotics.
It’s been more than a decade since the time when the number of internet-connected devices exceeded the number of people on the planet. This milestone signaled the emergence and rise of the Internet of Things (IoT) paradigm, smart objects, which empowered a whole new range of applications that leverage data and services from the billions of connected devices. Nowadays IoT applications are disrupting entire sectors in both consumer and industrial settings, including manufacturing, energy, healthcare, transport, public infrastructures and smart cities.
Evolution of IoT Deployments
During this past decade IoT applications have evolved in terms of size, scale and sophistication. Early IoT deployments involved the deployment of tens or hundreds of sensors, wireless sensor networks and RFID (Radio Frequency Identification) systems in small to medium scale deployments within an organization. Moreover, they were mostly focused on data collection and processing with quite limited intelligence. Typical examples include early building management systems that used sensors to optimize resource usage, as well as traceability applications in RFID-enabled supply chains.
Over the years, these deployments have given their place to scalable and more dynamic IoT systems involving many thousands of IoT devices of different types known as smart objects. One of the main characteristic of state-of-the-art systems is their integration with cloud computing infrastructures, which allows IoT applications to take advantage of the capacity and quality of service of the cloud. Furthermore, state of the art systems tends to be more intelligent, as they can automatically identify and learn the status of their surrounding environment to adapt their behavior accordingly. For example, modern smart building applications are able to automatically learn and anticipate resource usage patterns, which makes them more efficient than conventional building management systems.
Overall, we can distinguish the following two phases of IoT development:
Despite their scalability and intelligence, most IoT deployments tend to be passive with only limited interactions with the physical world. This is a serious set-back to realizing the multi-trillion value potential of IoT in the next decade, as a great deal of IoT’s business value is expected to stem from real-time actuation and control functionalities that will intelligently change the status of the physical world.
In order to enable these functionalities we are recently witnessing the rise and proliferation of IoT applications that take advantage of Artificial Intelligence and Smart Objects. Smart objects are characterized by their ability to execute application logic in a semi-autonomous fashion that is decoupled from the centralized cloud. In this way, they are able to reason over their surrounding environments and take optimal decisions that are not necessarily subject to central control.
Therefore, smart objects can act without the need of being always connected to the cloud. However, they can conveniently connect to the cloud when needed, in order to exchange information with other passive objects, including information about their state and the status of the surrounding environment. Prominent examples of smart objects follow:
The integration of smart objects within conventional IoT/cloud systems signals a new era for IoT applications, which will be endowed with a host of functionalities that are hardly possible nowadays. AI is one of the main drivers of this new IoT deployment paradigm, as it provides the means for understanding and reasoning over the context of smart objects. While AI functionalities have been around for decades with various forms (e.g., expert systems and fuzzy logic systems), AI systems have not been suitable for supporting smart objects that could act autonomously in open and dynamic environments such as industrial plants and transportation infrastructures.
This is bound to change because of recent advances in AI based on the use of deep learning that employs advanced neural networks and provides human-like reasoning functionalities. During the last couple of years we have witnessed the first tangible demonstrations of such AI capabilities applied in real-life problems. For example, last year, Google’s Alpha AI engine managed to win a Chinese grand-master in the Go game. This signaled a major milestone in AI, as human-like reasoning was used instead of an exhaustive analysis of all possible moves, as was the norm in earlier AI systems in similar settings (e.g., IBM’s Deep Blue computer that beat chess world champion Garry Kasparov back in 1997).
This convergence of IoT and AI signals a paradigm shift in the way IoT applications are developed, deployed and operated. The main implications of this convergence are:
AI is the cornerstone of next generation IoT applications, which will exhibit autonomous behavior and will be subject to decentralized control. These applications will be driven by advances in deep learning and neural networks, which will endow IoT systems with capabilities far beyond conventional data mining and IoT analytics. These trends will be propelled by several other technological advances, including Cyber-Physical Systems (CPS) and blockchain technologies. CPS systems represent a major class of smart objects, which will be increasingly used in industrial environments.
They are the foundation of the fourth industrial revolution through bridging physical processes with digital systems that control and manage industrial processes. Currently CPS systems feature limited intelligence, which is to be enhanced based on the advent and evolution of deep learning. On the other hand, blockchain technology (inspired by the popular Bitcoin cryptocurrency) can provide the means for managing interactions between smart objects, IoT platforms and other IT systems at scale. Blockchains can enable the establishment, auditing and execution of smart contracts between objects and IoT platforms, as a means of controlling the semi-autonomous behavior of the smart object.
This will be a preferred approach to managing smart objects, given that the latter belong to different administrative entities and should be able to interact directly in a scalable fashion, without a need to authenticating themselves against a trusted entity such as a centralized cloud platform.
In terms of possible applications the sky is the limit. AI will enable innovative IoT applications that will boost automation and productivity, while eliminating error prone processes. Are you getting ready for the era of AI in IoT?
Whether your company is developing IoT platforms or applications in the cloud, developing blockchain elements, or using Ai to build Industry 4.0 to utilize smart objects, your success is determined by the quality of your existing team and hiring the right professionals in engineering, sales, product management, and strategy, The experienced recruiters at NextGen Executive Search have a solid history of identifying and recruiting "A players" for functional leadership and executive management roles. Click on the image below to view more information about our Ai, IoT, and cyber security recruitment experience or to contact us directly.