New Internet of Things Cybersecurity Legislation Brings Changes to the Industry

Touro Healthcare Cybersecurity Director Joe Giordano Says Bill Increases Need for Security Experts

December 21, 2020
A woman checking her heartbeat on an internet-enabled smartwatch.
Health monitoring devices like smartwatches and Fitbits are part of the healthcare Internet of Things.

Recently, the Senate passed by unanimous consent H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act. This very important bill directs the National Institute of Standards and Technology (NIST) to develop guidelines on the use of IoT devices and the management of their vulnerabilities.

A New Potential Cybersecurity Law for IoT Security

This bill demands that NIST develop and publish standards and guidelines for how the federal government should use and manage IoT devices connected to information systems, including “minimum information security requirements for managing cybersecurity risks associated with such devices.” This cybersecurity legislation directs NIST to consider current industry standards, guidelines, and best practices.

While this is a great first step in terms of securing IoT devices, it is important that there is enforcement so the standards and guidelines are taken seriously and followed. Too many times in the past, standards and guidelines have been sidestepped or even ignored. The stakes are too high here as the number of IoT devices increases and security measures are sorely lacking.

IoT Device Security in Healthcare

Touro College Illinois’ innovative healthcare cybersecurity graduate certificate has a course dedicated to securing IoT devices. The Touro course on IoT security presents students with foundational concepts and understanding related to the application and impacts of IoT devices within the healthcare environment. Medical IoT devices already exist in many aspects of healthcare today. They range from complex medical devices and procedures such as CT scans and MRI systems to simple devices such as blood pressure and temperature recording instruments that communicate and record measurements directly into the patient chart.

Increasingly, medical IoT devices such as heart monitors are being placed on patients for extended periods of time to monitor fluctuations in real time as they go about their daily lives. These devices report real-time readings to healthcare environments for immediate evaluation and triage. The security and safety of these devices are vital and require detailed validation and constant monitoring. Critical questions regarding the life cycle of these devices, from development and the supply chain to device updates and integration with information systems, will be covered in this course.

Healthcare environments are another area of security concern. As hospital staff, contractors, patients and their families enter the environment, they bring with them a host of IoT devices that may present a security and/or safety threat to any healthcare environment.

As cybersecurity legislation lays the foundation for improving IoT device security, we need well-trained cybersecurity specialists and engineers to lead future innovation and keep our healthcare networks safe.

Joe Giordano is the Director of the Healthcare Cybersecurity Certification Program at Touro College Illinois.