Connected devices — from regular smartphones to specialized gadgets such as fitness trackers — are storming the world of health care on multiple fronts, transforming everything from the mechanics of health records and payment processes to how people track their own health and seek care when needed.

The changes are transformative: Enterprises and the public stand to benefit from a revolution in health care. But the emergence of connected mobile devices will also pose new security challenges. Staying in front of these challenges will be absolutely critical for enterprises that hope to break into the vast new market of connected devices for health care.

Health Care Finally Goes Online — and Mobile

The current rapid transformation of the health information landscape, as outlined by PwC’s “Top Health Industry Issues of 2016,” has been a long time coming.

For years, the health sector lagged when it came to information technology. The reasons for this ranged from the fragmentation of the industry to the work habits of medical professionals. For example, desktop or even laptop computers were a poor fit for professionals that do much of their work on their feet caring for patients.

Mobile technology has broken through this barrier by providing tools suitable for a clinical work setting, but mobile connected devices are also transforming medicine in other ways. Many of these potential capabilities are in the hands of patients, who can now monitor their health on the go and seek care or information wherever they are.

Reshaping the Boundaries of Health Care

These connected devices are not even necessarily medical in the formal sense. Wearable fitness trackers and related devices, for example, are one of the first big growth areas for the Internet of Things (IoT).

Most are aimed at generally health-conscious consumers, not specifically medical patients. But any gadget that monitors heart rate and blood pressure is gathering information that a doctor might like to know. The line between strictly medical devices and broader health-minded products is breaking down.

And health care is being transformed by connected devices in other respects. Walgreens, for example, provides an app that allows users to manage prescriptions, set medication reminders and order refills. That’s just the tip of the iceberg for the company’s mobile health initiatives, however: It also announced that its apps will soon support telehealth capabilities and reward users for actions such as checking glucose levels.

Connected Devices Pose Security Challenges

These new technologies promise to transform health care in major and positive ways, making more information more readily available. But they also are bringing medical information security concerns to the forefront. The old clipboard-centric world of medicine made information fragmented, but at least what wasn’t online couldn’t be hacked.

Making information available makes it potentially vulnerable. This is the core security challenge that enterprises looking for opportunities will need to keep in mind. The challenge applies even to organizations that haven’t thought of themselves as firmly in the health care sector at all.

Think again about exercise monitoring devices: The people who buy them, who may be in robust health, probably don’t think of themselves as patients at all. Likewise, the vendors probably are not thinking about patient confidentiality. But they should because those devices are providing a treasure trove of health data. In the right hands it could save lives; in the wrong hands it could be abused.

Just to make things even more complex and challenging, security standards and best practices for the IoT are still in their infancy. The art of properly securing connected devices remains a work in progress.

Enterprises in the health care space, whether formally or informally, will do best if they absorb basic principles of good security, such as building in security throughout the development process rather than trying to bolt it on afterwards. This will not only safeguard customers, but also help new technologies to take hold and mature for the benefit of everyone’s health.

more from Endpoint

IOCs vs. IOAs — How to Effectively Leverage Indicators

Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs) and indicators of attack (IOAs) for an effective monitoring, detection and response strategy. Inexperienced security […]

TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […]