How Safe is the IoT?

We look at the recent situation at Abbott, and get a comment from new kids on the block, Tridentify AB (www.tridentify.se) –  Sweden.

At a time when Abbott Laboratories have been the subject of a stinging criticism from the US FDA, for  failing to properly investigate and resolve risks related to its implanted heart devices, including cybersecurity threats and a battery malfunction linked to two patient deaths – it’s important to take a measured view, and ask; are all devices that contain a battery, and can send info  – likely to run into these same problems.

Not according to new Tracer developers,  Tridentify. Based in Stockholm and Gothenburg, their CIO Leif Sandvik.  It all depends on whether you have actual patient data. Simple tracking of info and pure functionality, should not be an issue. This is what he says and how Tridentify solve these aspects:

“It is correct that we use AES-128 for all communication in QTA Tracer System, but the most important is that we do not use any patient data in the system for the moment. This mean that we actually do “not have any” data to protect even if we do it.😬

If a battery should fail, the tracer will reset and the red LED will flash. If the battery is drained no LED will flash and according to the manual the product should be handled as expired.”

But Johan Snis,  former Abbott Marketing Manager and new Commercial Director at Tridentify – goes further:he says there will always be some element of risk – but this is manageable;

“I would say that secure data is an important topic when entering IoT or IoMT as med tech has their own abbrevation.
Hospitals was one of the last “industries” to internetify themselfes and still they are a bit behind in knowledge and technology, including security. But patientdata is now, in most countries, in digital format on databases accesible from interhospital networks. So if healthcare already has accepted that evolution they cannot void themselfs against IoT. And they shouldn’t, since this is the most prominent way to personalize healthcare and keeping patient at home or specialist clinichans on remote locations.

However, data security is important. All data transfered to and from QTA is done using AES-128, Advanced Encryption Standard. The encryption uses a 128 bit key and it gives 3,4×10^18 possible key combinations.
If we would use the fastest supercomputer in the world it would take it approx 1 billion billion years to crack the encryption. The universe is 13.75 billion years old as we speak.
If we assumes that every person on the earth has 10 computer each and all of them would be used to crack the encryption it would take 77,000,000,000,000,000,000,000,000 years.

So data transfer can be secure. The above argument doesn’t say that it cannot be broken but that it will be tough. On the other hand it is possible to break into a hospital, it is possible to disguise as a doctor and give poison to a patient. Paper journals are possible to steal and forge…and so on.

For me the discussion has to be open minded. Yes it is very important to have secure future system! On the otherhand, the system used today are not foolproof or “pentagon” secure.”


 

 

Author: umnitso

Managing Editor at ProfoMedia, and Senior Partner at The CRT Partnership, a a leading specialist in brokering international alliances and partnerships; a published author in own right - as well as accredited media for major trade associations, including HIMSS, Vitalis, and others.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s