Thales eSecurity News Release

Thales and Device Authority launch solution to secure the Connected Health industry

New healthcare IoT solution ensures device and data security for medical devices

Thales, a leader in critical information systems, cybersecurity and data security, and Device Authority, a leader in identity and access management (IAM) for the internet of things (IoT), announce a jointly developed solution to ensure the authentication of IoT devices and the confidentiality and integrity of the data they rely on – giving both healthcare professionals and their patients the confidence to adopt these new technologies.

The IoT market in healthcare, otherwise known as ‘Connected Health’, has boomed in recent years with forecasts predicting it will reach $612bn by 2024. IoT devices have enabled new services from remote diagnosis to disease and lifestyle management via mobile apps to medical device integration. It has transformed the way healthcare is provided, creating both a better level of care and operational efficiencies. However, the healthcare industry is regularly targeted by cybercriminals, with 70 percent of healthcare organizations around the world having experienced a data breach according to the 2018 Thales Data Threat Report. As new technologies are adopted by the healthcare industry, they provide new opportunities for cybercriminals – and the risks are high.

Darron Antill, Chief Executive Officer of Device Authority, added:

“IoT is transforming the healthcare industry and the way healthcare is provided. When you look at medical devices it’s imperative that the right data files from the right consultant go to the right device to instruct it to perform the right procedure, or administer the precise amount of medication, for the correct patient – and there must be no question at any point over the integrity of the data or the medical device. This solution will bring a new level of assurance to both healthcare professionals and patients that the technology being implemented is secured and all data transferred is safe from compromise.”

Cindy Provin, Chief Executive Officer of Thales eSecurity, says:

“Every day we are seeing how technology in healthcare is helping improve the care that patients receive. However, we have also seen that the healthcare industry is regularly under threat from cybercriminals. Our partnership with Device Authority enables us to solve the device authentication, integrity and data privacy challenges that are impeding IoT deployments, by creating a hardened system for issuing and managing device credentials and keys that are essential to creating a root of trust and enhancing patient safety for customer IoT projects.”

The new solution from the partnership integrates Device Authority’s KeyScaler platform with the Thales nShield Connect hardware security module (HSM). This provides high-assurance device authentication at IoT scale, managed end-to-end encryption to meet compliance requirements and certificate provisioning for healthcare and other connected devices. The solution will authenticate any new device hardware and establish a strong root of trust and identity on the network. The solution then provides additional security operations, such as issuing a security token that the device can use to validate itself to other IoT platforms, or provide a unique device key and certificate. The KeyScaler platform delivers automation for critical credential management processes, in addition to tokenized access control and policy-based encryption for data, in transit and at rest. The solution is currently being piloted with medical devices.

Want to learn more? Download our Healthcare IoT Security Blueprint

Industry insight and views on the latest data security trends can be found on the Thales eSecurity blog at blog.thalesesecurity.com.

About Device Authority

Device Authority is the leading provider of IoT IAM. Our KeyScaler™ platform provides trust for IoT devices and the IoT ecosystem, to address the challenges of securing the Internet of Things. KeyScaler™ uses breakthrough technology including Dynamic Device Key Generation (DDKG) and PKI Signature+ that delivers unrivalled simplicity and trust to IoT devices. This solution delivers automated device provisioning, authentication, credential management and policy based end-to-end data privacy/encryption.