The more mobile healthcare data becomes available in a hospital the more vulnerable sensitive patient and financial data becomes to theft and invasion of privacy, say healthcare security experts. But a team of researchers at Dartmouth College believe theyve engineered a small device that resembles a magicians wand that can secure health data sent between mobile devices over a wireless network.
There are millions of wireless devices deployed at the more than 5,600 hospitals in the U.S. that doctors, nurses and other hospital personnel use to administer and treat patients. These devices include tablets that collect and analyze health data, personal smartphones that hospital workers use to send and receive work-related text messages and computerized workstations, pumps, monitors and other devices.
These mobile devices often send and receive sensitive data over wireless networks that may not be secure enough to prevent data breaches and theft of patient information. For example, a patient’s insulin pump may accept dosage instructions from unauthorized smartphones that have been infected with malicious software. A patient’s fertility-tracking app could expose data to nearby strangers as it probes for a Bluetooth device to connect with, says David Kotz, a professor of computer science at Dartmouth College. He is also a leader of a National Science Foundationproject, “Trustworthy Health and Wellness,” which aims to protect patients and preserve the confidentiality of medical data as records move from paper to electronic form.
Mobile devices using unsecured wireless networks inside a hospital also leaves the hospital open to denial-of-service attacks that are capable of causing widespread disruption to hospital operations. A denial of service, or DoS, attack isan attempt to make a machine or network resource unavailable to its intended users such as to temporarily or indefinitely interrupt or suspend services of a host connected to the web, according to Wikipedia.com
Stealing patient data through a medical device and holding hospitals hostage through data attacks such as the much publicized incident at Hollywood Presbyterian Medical Center in Los Angeles in February is another potentially big problem. Data breaches in healthcare continue to put patient data at risk and are costly, says Doug Pollack, a healthcare information security researcher and chief strategy officer for ID Experts, a developer of identity theft protection applications and services. No healthcare organization, regardless of size, is immune from data breach.
Data breaches could cost U.S. hospitals as much as $6 billion in stolen information and related problems annually, according to research firm Ponemon Institute, which publishes an annual survey on the privacy and security of healthcare data.
But Dartmouth researchers think their newest device may help with the problem of moving data over an unsecured wireless network. Researchers have spent the past several months building and testing Wanda, a small piece of hardware with two antennas that uses radio waves to set up a secure network link between mobile devices. A user points the wand at the device thats part of a nearby wireless network, or Wi-Fi, access point such as a router in a medical office, hospital room or at home. The device can set up a secure wireless network with its own name and password and then uses radio wave technology to connect multiple devices to the network.
In a hospital programmers or other information technology specialists are then able to use the secure network connection to put in place further forms of protection to encrypt the data. Wanda could be used to set up a secure connection between any kind of device that generates data, such as a wireless blood pressure monitor or a video camera, and a device that receives the data, such as a smartphone or tablet, says Timothy Pierson, a Dartmouth graduate student and chief researcher for the team that built the device.
The device was developed recently and is not yet been rolled out to hospitals. Pilot testing in hospitals and other health settings are only in the initial planning stages, the Dartmouth researchers say. But Dartmouth does intend to patent its new mobile security device and foresees eventually establishing commercial licensing deals. Wanda has universal appeal and can be used for any kind of information and it can be used for any kind of device with a wireless radio such as Wi-Fi, Pierson says. It is useful when devices that have never met or shared a secret encryption key need to set up secure communications between themselves.
Wanda is the latest mobile security initiative Dartmouths Trustworthy Health and Wellness project and other universities have developed for healthcare. Dartmouth, along with John Hopkins University, the University of Illinois, the University of Michigan and Vanderbilt, are sharing a 10-year, $5 million grant from the National Science Foundation to research and develop devices and programs to better protect patient medical records and privacy. “We are developing novel methods for security and privacy so we can help usher in an era of effective and secure mobile health solutions,” Kotz says.