Thales and Device Authority launch solution to secure the connected health industry


New healthcare IoT solution ensures device and data security for medical devices

Thales, a leader in critical information systems, cyber security and data security; and Device Authority, a specialist in identity and access management (IAM) for the internet of things (IoT), have announced a jointly-developed solution to ensure the authentication of IoT devices and the confidentiality and integrity of the data they rely on – giving both healthcare professionals and their patients the confidence to adopt these new technologies.

The IoT market in healthcare, otherwise known as ‘connected health’, has boomed in recent years with forecasts predicting it will reach $612billion by 2024.

IoT devices have enabled new services from remote diagnosis to disease and lifestyle management via mobile apps to medical device integration.

It has transformed the way healthcare is provided, creating both a better level of care and operational efficiencies. However, the healthcare industry is regularly targeted by cybercriminals, with 70% of healthcare organisations around the world having experienced a data breach according to the 2018 Thales Data Threat Report.

As new technologies are adopted by the healthcare industry, they provide new opportunities for cyber criminals – and the risks are high.

Darron Antill, chief executive of Device Authority, said: “IoT is transforming the healthcare industry and the way healthcare is provided.

“When you look at medical devices it’s imperative that the right data files from the right consultant go to the right device to instruct it to perform the right procedure, or administer the precise amount of medication, for the correct patient – and there must be no question at any point over the integrity of the data or the medical device.

“This solution will bring a new level of assurance to both healthcare professionals and patients that the technology being implemented is secured and all data transferred is safe from compromise.”

Cindy Provin, chief executive of Thales eSecurity, added: “Every day we are seeing how technology in healthcare is helping improve the care that patients receive.

“However, we have also seen that the healthcare industry is regularly under threat from cyber criminals.

“Our partnership with Device Authority enables us to solve the device authentication, integrity and data privacy challenges that are impeding IoT deployments, by creating a hardened system for issuing and managing device credentials and keys that are essential to creating a root of trust and enhancing patient safety for customer IoT projects.”

The new solution integrates Device Authority’s KeyScaler platform with the Thales nShield Connect hardware security module (HSM).

This provides high-assurance device authentication at IoT scale, managed end-to-end encryption to meet compliance requirements and certificate provisioning for healthcare and other connected devices.

The solution will authenticate any new device hardware and establish a strong root of trust and identity on the network.

The solution then provides additional security operations, such as issuing a security token that the device can use to validate itself to other IoT platforms, or provide a unique device key and certificate.

Sign up for your free email newsletter

The KeyScaler platform delivers automation for critical credential management processes, in addition to tokenised access control and policy-based encryption for data, in transit and at rest. The solution is currently being piloted with medical devices.