An App-Centric Approach to Mobile Security in Healthcare
Blue Cedar | May 30, 2017
Apple CEO Tim Cook was recently seen test-driving a prototype blood sugar tracker on his Apple Watch. The sighting was a reminder of the two-edged sword of technological innovation in the connected healthcare arena.
On the one hand, the prototype hints at future applications that will make life easier for the millions of people who suffer from diabetes—perhaps even achieving the diabetes holy grail of non-invasive and continuous glucose monitoring (which Apple is also working on). On the other hand, the prototype is a reminder of the endless proliferation of potential cyber-attack vectors that come with innovation in the healthcare space.
Not that we need a reminder. Thousands of hospitals and other organizations around the world are still recovering from the recent WannaCry ransomware cyber-attack that struck computers running Microsoft Windows on May 12, disrupting healthcare and other services, and potentially threatening every aspect of connected healthcare, including connected medical devices. In the future, what could such an attack mean for diabetics who depend on an Apple Watch app to keep track of their blood sugar levels? One shudders to think.
A recent article in Forbes by former Homeland Security Secretary Michael Chertoff, now executive chairman of The Chertoff Group, and information security and technology expert Jason Cook zeroed in on this same two-edged sword.
Connected medical devices provide patients and physicians with technology to better manage chronic conditions, improve outcomes and reduce the overall cost of care. They also reduce doctor visits, shrink response times and shorten hospitalizations by empowering patients to manage aspects of their own care. However, they also increase exposure to the threat of cyber-attacks.
As Chertoff and Cook write in Forbes: “To mitigate cybersecurity risks associated with connected medical devices, and ensure patients continue to derive their full benefits, industry must not only build security into its innovation process, but ensure resources are in place to conduct ongoing monitoring efforts.”
It is precisely for this reason that, earlier this month, Blue Cedar issued a new release of its mobile security platform. Unlike traditional Enterprise Mobility Management (EMM) solutions, Blue Cedar injects its security controls into the apps themselves. The result is superior security controls that don’t affect user privacy or the ease of use that users have come to expect from consumer mobile apps. Patients and physicians simply download secured apps from the public app store.
It also means, for example, that doctors could use their own smartphones or tablets to securely access patient information. This is what one of our healthcare provider customers had in mind when it chose Blue Cedar as the platform on which to build a mobile app. The customer—a major medical institute that catalyzes innovation in order to advance health—built an app that contains protected patient information and can be run by clinicians on their own personal mobile devices. According to the customer’s chief innovation officer, the Blue Cedar platform met two critical design specs that the healthcare provider was looking to fulfill simultaneously: rigorous security and rapid access.
The chief innovation officer said the solution had to act heavy but feel light, meaning it had to be transparent to busy clinicians who cannot spend even seconds navigating layers of controls that create user friction and discourage use—which in turn can impede early diagnosis and immediate treatment.
As Chertoff and Cook note, citing the FDA, effective cybersecurity measures are necessary to assure proper device functionality and to protect health information stored on connected medical devices. Blue Cedar’s app-centric approach to security allows enterprises to avoid the drawbacks of existing device-centric approaches, and empowers them to expand the depth and breadth of their mobile app coverage. It’s the logical evolution of mobile security.