WISeKey International Holding Ltd. is now partnering with global technology organizations to provide an extensive set of security bricks to bring cybersecurity into the area of modern telemedicine. Additional information about these partnerships will be announced at a later date.
In 2017, Foley Telemedicine and Digital Health Survey reported that in just three years the telehealth situation dramatically changed from 87 percent respondents not expecting their patients to use telemedicine to 75 percent having already implemented, or planning to implement, telemedicine services. This surging demand has multiple explanations. For personal convenience, health cost reduction or in case of contagious situation, patients are increasingly encouraged/advised to stay home. Remote patient monitoring (RPM) capabilities are instrumental in keeping Health Delivery Organizations (HDO) in touch with their patients.
As emphasized in the May 2019 National Cybersecurity Center of Excellence (NCCoE – part of the US National Institute of Standards and Technology [NIST]) and The MITRE Corporation description of a new project about Securing Telehealth Remote Patient Monitoring Ecosystem, cybersecurity concerns exist about having RPM equipment out of HDO secure environment. Both the US Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the more recent EU General Data Protection Regulation (GDPR) enforce the protection of private data by defining clear legal responsibilities, including in the telemedicine area.
“Over the last several years, WISeKey has been investing an average of more than 18% of its annual revenue to create a unique cybersecurity proposal from chip to cloud and therefore extend its recognized expertise in digital security to new boundaries,” indicated Carlos Moreira, WISeKey’s Founder and CEO. “New telehealth applications bring significant relief to patients. However, threats coming from possible cyberattacks exist that are not only about data privacy as this could be illustrated by the example of remotely controlled infusion pumps.”
WISeKey has combined a complete set of technologies to guarantee health data integrity and confidentiality, whenever they are at rest or in transit from patients’ home to HDO, following this possible RPM infrastructure:
- A secure element is added to the RPM device to protect the data at source and encrypt & digitally sign them over a Bluetooth Low Energy (BLE) connection to a local communication gateway. This secure element is either a certified WISeKey’s VaultIC407 added to the device microprocessor, or a secure enclave of this microprocessor based on WISeKey’s proven security Intellectual Properties (IPs).
- Patients’ drugs containers and other sensitive consumables are equipped with NanoSealRT, the WISeKey’s NFC solution to provide any object with a communication channel for authentication, tracking or interactivity purpose.
- A local gateway connects all medical devices at home to the HDO server through a 5G network. Similarly to connected devices, the gateway contains aVaultIC407 or WISeKey’s security IPs to protect the local BLE network of medical devices and guarantee the health data integrity and confidentiality until the HDO server.
- WISeKey’s VaultiTrust service for secure data generation and injection into secure elements is at the heart of this infrastructure. It provides any object with a strong digital identity.
- On the HDO server, patient’s medical data are still managed under a consistent security scheme with WISeKey’s Public Key Infrastructure (PKI) based on the OISTE Foundation Root-Of-Trust. WISeKey’s blockchain technology is used whenever a secured distributed ledger must assure the ubiquitous availability of the data.