How to expand security posture for connected RPM devices

During the IoT Evolution Expo in June 2022, our Ryan Yahrmatter, Sr. Director, North American Strategic Accounts & Solutions Engineering at Aeris, was a panelist with the moderator Joel Maloff, Chief Compliance Officer at Phone.com. Their topic was “Watching Patiently: Utilizing IoT for Remote Patient Monitoring.” They spoke about how medical device manufacturers (MDMs) and healthcare delivery organizations (HDOs) have embraced connectivity technologies for remote patient monitoring (RPM) devices as a result of COVID. After speaking extensively on the topic during the panel, we interviewed Ryan about cybersecurity and its impact on RPM devices for those who weren’t able to attend. Continue reading for what he had to say.

 

Aeris: For those who could not attend this expo, can you describe what it was like to be there in person?

Ryan: For the past year and a half, many people have shied away from attending big events like this in person. However, the high turnout at this event clearly showed that people are ready and eager to come out and mingle in person. The buzz and energy about the future of IoT in particular were incredible, and I was delighted to witness it first-hand.

  

Aeris: Tell us a little about why you used the parable about the blind men and the elephant to start off your panel session.

Ryan: Actually, I didn’t know about this parable at all. It was only after I read Mr. Maloff’s doctoral thesis that I decided to incorporate it into my presentation. I find it a very fitting metaphor for cybersecurity in the healthcare industry. Regardless of who you talk to—patients, doctors, HDOs, MDMs, or regulators—there is consensus about the importance of and need for cybersecurity. However, their opinions about what cybersecurity is and who is ultimately responsible are not fully aligned. Quite often their perception is that it’s others’ job to ensure both the patient’s and providers’ information remains protected and safe. This is exactly the point Mr. Maloff made in his doctoral thesis.

  

Aeris: Do you have some numbers that show how serious the cybersecurity issues are for the healthcare industry?

Ryan: There is plenty of data out there that paints a very dire situation. For instance, last year the number of healthcare data breaches reached an all-time high and impacted 45 million people. Moreover, according to IBM, the average cost of a data breach within healthcare increased from $7.13M in 2020 to $9.23M in 2021. For my panel session, I used the accompanying graph to highlight how cybersecurity could worsen as more connected medical devices are used around the world. In this graph, the bars show the analyst’s projection for the connected home medical monitoring devices worldwide (source: Berg Insight). They are overlaid with a line showing the number of breaches that have been reported to the U.S. Department of Health and Human Services (HHS). The increase in the adoption of connected medical devices and the rise in security breaches mirror each other. If you read the most recent article from Aeris, you will see that 75 percent of these security breaches last year were in fact classified as hacking/IT incidents.

Aeris: Given the rising number of security incidents, what is being done to address this issue by the industry as a whole?

Ryan: To tackle this complex and pressing issue, the healthcare industry and the regulators are beginning to work together. In the United States, for instance, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) led to the creation of the HIPAA Privacy Rule and the HIPAA Security Rule by the HHS. They define the what and the how of safeguarding the privacy of individually identifiable health information, commonly known as protected health information (PHI).

 

In addition, the Health Sector Coordinating Council (HSCC), a coalition of 300 industry organizations, is working with the U.S. government to develop strategies to address emerging and ongoing cybersecurity challenges to the healthcare industry. This is especially important because of the changes made to the Current Procedural Terminology (CPT) codes by the Centers for Medicare and Medicaid Services (CMS). These changes not only made RPM more accessible to patients, but also enable HDOs to get additional reimbursements through the RPM services. So there is a clear and urgent need to implement more secure and robust security for the RPM devices.

 

Aeris: For MDMs, what can they do to improve the cybersecurity of the connected RPM devices?

Ryan: When you think about the connected RPM devices and connected medical devices in general, their large scope of deployment—we are talking about tens of thousands of them anywhere in the world—makes cybersecurity especially challenging. To provide ubiquitous coverage wherever they are in the world while safeguarding the PHI and other sensitive business data, MDMs need to look for connectivity providers who not only provide visibility on the data going to/from RPM devices, but also deep network intelligence that can quickly and easily detect any anomaly or security threat. The only way to do that at scale is by leveraging machine learning (ML). Only when you seamlessly integrate ML with the connectivity platform can you effectively prevent, detect, and respond to any security threat to your RPM devices.

Aeris: What is one key takeaway you want your audience to remember from the panel session?

Ryan: Manufacturers of RPM devices need to be thoughtful about cybersecurity from the beginning. This is the notion of secure by design our CTO talked about in his previous webinar. Most importantly, security needs to be “harmonized” with connectivity. In other words, security cannot be implemented via the so-called “snap-and-tap” approach. With Aeris, we seamlessly integrate our latest innovations on IoT security with our world-class connectivity management platform. By combining cutting-edge machine learning technology with our intelligent IoT network, which we built from the ground up and have been maintaining and optimizing for close to 30 years, Aeris offers the most powerful yet cost-effective way to protect your RPM devices and any other IoT devices that run on our network. Don’t just take my word for it. Check out our latest innovation, Aeris Intelligent Security Center, and see what it can do for you.
