The US’s National Cybersecurity Center of Excellence has released the draft of NIST Cybersecurity White Paper 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration for public comment.
This paper examines risks found in Hospital-at-Home deployments when using smart speakers as a representative IoT device and provides recommended steps to address these risks. This paper also describes applying controls that include access control, authentication, continuous monitoring, data security, governance, and network segmentation.
Hospital-at-Home is a form of telehealth where patients receive in-patient care, including clinical care and monitoring, at their place of residence. Healthcare systems have begun incorporating communications interfaces, patient monitors, and other medical devices into the patient’s residence to provide advice and perform clinical care while leveraging the advantages associated with patients receiving treatment in an amenable location.
Hospital-at-Home offers several benefits to healthcare delivery organisations, including improving patient outcomes, alleviating in-patient bed capacity limits, and providing safety for patients and care team members in infectious scenarios.
While these are desirable benefits, Hospital-at-Home introduces privacy and cybersecurity risks by introducing medical-grade equipment and information systems into environments the hospital does not control.
The public comment period for this draft has been extended until 4.00 p.m. AEDT on January 22, 2025. All comments that are received will be reviewed and adjudicated to inform the final publication.
You can view the publication and submit comments by visiting the National Cybersecurity Center of Excellence project page online.
