Security Technology Executive (STE) editors recently caught up with Kevin von Keyserling, who has been the CEO & Co-Founder of Keyfactor since 2003. Keyfactor is a market leader in comprehensive digital security management. The company’s solutions portfolio includes secure digital identity solutions that govern the entire digital identity lifecycle – from initial design of a single device all the way through the management of millions of device identities.
STE: Cybersecurity is a hot topic – and very broad at that. What does it mean for the healthcare industry?
Kevin von Keyserling: Digital healthcare security is all about driving safe point-of-care delivery. Whether you’re a hospital, electronic health records service provider or a manufacturer of medical devices, protecting patient data is critical and the threat of device takeover is real. Like other industries, healthcare is becoming more connected than ever. Patients, caregivers, doctors, hospitals, devices and data are in a constant digital dialogue. As technology evolves, even more medical devices will collect and transmit data over open networks. For manufacturers, this means it’s no longer just about building great hardware - the software they run defines today’s devices. As data transmission in the healthcare ecosystem never stops, the significant and potentially deadly gaps in cybersecurity can have a devastating impact at a moment’s notice.
STE: What are the biggest digital security challenges facing healthcare organizations today?
von Keyserling: Scalability, agility and connectivity. Patients, doctors, healthcare facilities and caregivers require greater access to more information to increase a patient’s standard of care. Being able to share that data securely across organizations with disparate systems and processes is a challenge. Devices that have historically operated by accessing a closed Ethernet are now connected over a hospital network – this type of on-demand connectivity provides incredible benefits but also comes with gaps in security. Many organizations have begun or are considering a transformational journey. Successful security, like many other operational processes, is not easy. You’re building a strategy and plan that must take into account today’s technology and tomorrow’s innovation - all the while making patient welfare the number one priority.
STE: Why is it important for medical devices to have a digital identity?
von Keyserling: We fundamentally believe that every single electronic device that’s manufactured in the world today is going to collect and disseminate data across the Internet. Keeping the device and its data secure is expected by customers and mandated by regulators. By binding an identity to a device before it goes out into the world, you can be confident that every device is authenticated and encrypted, and will remain secure for as long as it’s in use.
When the ecosystem works, the benefits are unparalleled. Device manufacturers have trusted digital identities on every device giving them visibility into field performance and the ability to update devices remotely and securely. EHR’s provide their health system clients with continuous access to real-time, secure patient data. Doctors are able to assess that data and communicate corrective steps with confidence, improving patient outcomes.
STE: How can healthcare device manufacturers improve their device security?
von Keyserling: Begin with the foundation and build from there. It’s no longer a discrete cycle of ‘build it, ship it, and move on to the next line.’ Security needs to be at the forefront of the design and build - and the security needs of devices post-deployment must be considered.
To start, you need to make sure each device has a properly trusted digital identity – and that process should be agile. Anything you’re building into the firmware today will need to be updated. This is where crypto-agility comes into play. Algorithms degrade and you want the ability to maintain and strengthen digital identities over the lifetime of every device. Take an inventory of what you’ve already deployed. Can you easily upgrade what’s out in the field through new firmware? Can you strengthen the digital identity from afar?
Think about use cases – how will the device be used and what data will be gathered and dispersed? Engage the product team that owns the next-gen vision and invest in technology that builds security into the design. Where will the device be two, five, ten years from now? Healthcare is one of a few industries that have life or death consequences. Consumers may not be thinking about the dangers of system takeovers, but they’ll quickly come up to speed if a device puts them in danger.
STE: How do you see the securing of identities evolving?
von Keyserling: Simply put, it will become more seamless with a single or reduced sign-on process. With more devices and apps becoming connected, the process of managing digital identities is getting increasingly difficult every day. But investments are being made and organizations are getting better at it behind the scenes. We’re getting to a point where cryptographic keys are updated automatically. The days of typing in passwords and User IDs will be here for a while, but we’ll eventually see the entire process become more automated and secure.
STE: How does innovation play in digital security for healthcare?
von Keyserling: Fast-paced innovation plays a key role in the healthcare industry – that’s because medical device manufacturers are always looking to improve the patient experience. Wearable devices like watches can take personal EKGs, creating a report that gets sent directly to a doctor. Next-gen pacemakers are talking to smartphones and sharing biometric data with doctors and hospitals. For example, a patient with an installed pacemaker is at home, not feeling great. The device transmits data to his or her doctor that suggests the pacemaker needs tweaking. The doctor interprets the data and makes updates to the device’s settings on the fly. The technology optimizes both the well being of the patient and their overall healthcare experience. When the patient wakes up in the morning, they feel better. This type of innovation is leading the way for healthier patient outcomes.