This project's goal is to provide HDOs with practical solutions for securing an ecosystem that incorporates consumer-owned smart home devices into an HDO-managed telehealth solution. This project will result in a freely available NIST Cybersecurity Practice Guide.
While the healthcare landscape began telehealth adoption that parallels technology advancement over recent years, 2020 acted as a catalyst for healthcare delivery organizations expanding patient interaction and monitoring. Telehealth advances coincide with a proliferation of IoT devices, including smart speakers. This project will analyze how consumers use smart home devices as an interface into the telehealth ecosystem. Smart home devices offer enhanced, multi-sensory user experiences that allow individuals to converse with technology naturally. While the user experience may be improved, practitioners may find challenges associated with deploying mitigating controls that limit cybersecurity and privacy risks given that devices may use proprietary or purpose-built operating systems that do not allow engineers to add protective software. Practices and guidance are available for safeguarding computer systems. However, smart home devices use voice command and response, which differ from text- or graphic-based user interfaces. For example, common data security approaches based on computer systems that depend on an individual's ability to provide usernames and passwords may not be applicable.
The project team will apply the 1) NIST Cybersecurity Framework; 2) NIST Privacy Framework; and 3) the NIST Risk Management Framework to identify threats and risks to the smart home integrated telehealth ecosystem. The project will focus on three common scenarios that involve using smart home devices using voice assistant technology. These devices interact with clinical systems deployed in an NCCoE Healthcare laboratory environment. The project team will develop a reference design and a detailed description of the practical steps needed to implement a secure solution based on standards and best practices.
This project's goal is to provide HDOs with practical solutions for securing an ecosystem that incorporates consumer-owned smart home devices into an HDO-managed telehealth solution. This project will result in a freely available NIST Cybersecurity Practice Guide. While the healthcare landscape...
See full abstract
This project's goal is to provide HDOs with practical solutions for securing an ecosystem that incorporates consumer-owned smart home devices into an HDO-managed telehealth solution. This project will result in a freely available NIST Cybersecurity Practice Guide.
While the healthcare landscape began telehealth adoption that parallels technology advancement over recent years, 2020 acted as a catalyst for healthcare delivery organizations expanding patient interaction and monitoring. Telehealth advances coincide with a proliferation of IoT devices, including smart speakers. This project will analyze how consumers use smart home devices as an interface into the telehealth ecosystem. Smart home devices offer enhanced, multi-sensory user experiences that allow individuals to converse with technology naturally. While the user experience may be improved, practitioners may find challenges associated with deploying mitigating controls that limit cybersecurity and privacy risks given that devices may use proprietary or purpose-built operating systems that do not allow engineers to add protective software. Practices and guidance are available for safeguarding computer systems. However, smart home devices use voice command and response, which differ from text- or graphic-based user interfaces. For example, common data security approaches based on computer systems that depend on an individual's ability to provide usernames and passwords may not be applicable.
The project team will apply the 1) NIST Cybersecurity Framework; 2) NIST Privacy Framework; and 3) the NIST Risk Management Framework to identify threats and risks to the smart home integrated telehealth ecosystem. The project will focus on three common scenarios that involve using smart home devices using voice assistant technology. These devices interact with clinical systems deployed in an NCCoE Healthcare laboratory environment. The project team will develop a reference design and a detailed description of the practical steps needed to implement a secure solution based on standards and best practices.
Hide full abstract