Insights & Analyses

CSS launches unique identity foundation, lifecycle management for medical device cybersecurity – One World Identity

July 17, 2018

Blending the unique needs of cybersecurity with HIPAA regulation compliance, a next-generation secure identity framework platform from Certified Security Solutions aims to protect sensitive data collected by life-critical medical devices.

CSS this week announced its “crypto-agile platform,” addressing medical device security challenges through a unique identity foundation and lifecycle management strategy. The new platform aims to help enable organizations to build dedicated, cost-efficient device security systems.

The system provides each device a unique identity through a secure digital certificate. This targets a segment of the Internet of Things space, known as the Identity of Things, which focuses on accountability and security of connected devices.

Studies have shown that medical records can be worth hundreds of times more than other sensitive PII on the black market, such as credit cards or Social Security numbers. As health devices get smarter and more connected, they are exposed to more potential attack vectors, emphasizing a need for robust security practices and assurances that devices may not have been compromised at any point, from the manufacturing process all the way to use on a patient.

CSS says its platform establishes a chain of trust, from project design to end-user operation. The company says this will make it easier to manufacture, move, deploy and use medical devices securely.

It also allows for bug fixes and software updates with its crypto-agile design.

Each device is given a unique identity during the manufacturing process, ensuring ownership and role assignments for each device. This allows chain-of-custody verification, and also helps ensure devices perform as intended, based on an identity and role stablished during manufacturing.

OWI Insight: Health data and medical devices present unique complications within identity, cybersecurity, and the data economy. Not only do businesses in this space need to worry about best practices and security for sensitive information, but they must also be compliant with federal regulations through HIPAA. Connected medical devices offer new opportunities for treatment and research in the medical field in ways that were previously unimaginable. But the rise of IoT in medicine spotlights the need for increased IDoT awareness and security — a segment CSS appears uniquely positioned to target with this latest offering.