The government is attempting to address a cybersecurity and privacy risk associated with the use of smart speakers to share sensitive personal health information for telehealth applications through a notice to be filed in the Federal Register on Monday. The COVID-19 pandemic accelerated the adoption of smart speakers and other IoT technologies for telehealth applications;
As part of a National Cybersecurity Center of Excellence project, the National Institute of Standards and Technology is soliciting feedback and solutions to help it reduce cybersecurity threats associated with telehealth smart home integration. Health care companies may struggle to identify and mitigate cybersecurity issues when patients bring their own commercial devices and integrate them into the organization’s telehealth solution since the providers do not have access to or control over the devices.
The NCCoE project states, “while the user experience may be improved, practitioners may find challenges associated with deploying mitigating controls that limit cybersecurity and privacy risk given that devices may use proprietary or purpose-built operating systems that do not allow engineers to add protective software.”
NCCoE is making cybersecurity, risk management and privacy framework
The goal of the NCCoE project is to provide a reference architecture that incorporates the NIST Risk Management Framework, NIST Cybersecurity Framework, and the NIST Privacy Framework to identify cybersecurity and privacy flaws and potential solutions.
In order to identify and reduce the associated cybersecurity and privacy issues, the project will construct a model simulating patients utilizing smart speakers for telehealth reasons. In particular, this study will employ off-the-shelf software to simulate the patient’s telehealth ecosystem and potential interventions.
Patient’s home, cloud-hosted service provider, health technology integration solution, and healthcare delivery organization are the “four-domain” ecosystem that this project will serve.
To fund this effort, NIST is in search of parties interested in an NCCoE Cooperative Research and Development Agreement.
What is NIST and what are its goals
The National Institute of Standards and Technology (NIST) is looking for businesses who have solutions to the cybersecurity and privacy issues that arise when employing smart devices for telehealth. Data processing awareness; identity management; authentication and access control; data security; and the investigation of anomalies and occurrences are just a few examples.
Organizations that respond should commit to offering:
- Participating teams gain access to component interfaces and specialists who can assist them integrate various parts of a security and privacy platform.
- The NCCoE will provide support for the project’s development and demonstration in the healthcare sector.
The final product of the project will be a set of best practices for dealing with cybersecurity issues in this setting.
After 30 days from the date of publication in the Federal Register, responses must be submitted.
To read our article about “Nissan’s Self-Parking chairs automatically return to table” click here.
