"NIST Wants to Mitigate Smart Home Telehealth Cybersecurity Risks"

The COVID-19 pandemic increased the use of Internet of Things (IoT) devices for telehealth purposes. However, using smart speakers to share sensitive personal health information for telehealth purposes may pose a cybersecurity and privacy risk, which the government is attempting to address, according to a notice recently filed in the Federal Register. As part of the National Cybersecurity Center of Excellence (NCCoE) project addressing this issue, the National Institute of Standards and Technology (NIST) is seeking comments and solutions to help them in mitigating cybersecurity risks in telehealth smart home integration. Since consumers are using their own commercial devices and integrating them into a health delivery organization's telehealth solution, these organizations may struggle to identify and address cybersecurity risks because they do not have control over these products. While the user experience may be improved, practitioners could face challenges in deploying mitigating controls that limit cybersecurity and privacy risk because devices may use proprietary or purpose-built operating systems that do not allow engineers to add protective software, according to the NCCoE project. The NCCoE project plans to provide a reference architecture that uses the NIST Risk Management Framework, NIST Cybersecurity Framework, and NIST Privacy Framework to identify cybersecurity and privacy risks and solutions. The project will create a model that mimics patients using smart speakers for telehealth purposes to detect and mitigate the associated cybersecurity and privacy issues. This article continues to discuss NIST looking for providers to help address the cybersecurity and privacy vulnerabilities in the telehealth ecosystem. 

GCN reports "NIST Wants to Mitigate Smart Home Telehealth Cybersecurity Risks"