Date Published: November 6, 2024
Comments Due: January 6, 2025
Email Comments to:
hit_nccoe@nist.gov
The National Cybersecurity Center of Excellence (NCCoE) has released for public comment the draft of NIST Cybersecurity White Paper (CSWP) 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration. The comment period for the draft is now open through January 6, 2025.
About the White Paper
Hospital-at-Home (HaH) is a form of telehealth wherein patients receive in-patient care, including clinical care and monitoring, at their place of residence. Healthcare systems have begun incorporating communications interfaces, patient monitors, and other medical devices into the patient’s residence to provide advice and perform clinical care while leveraging the advantages associated with patients receiving treatment in an amenable location. HaH offers several benefits to healthcare delivery organizations (HDOs), including improving patient outcomes, alleviating in-patient bed capacity limits, and providing safety for patients and care team members in infectious scenarios.
While these are desirable benefits, HaH introduces privacy and cybersecurity risks by introducing medical-grade equipment and information systems into environments the hospital does not control. This paper examines risks found in HaH deployments when using smart speakers as a representative IoT device and provides recommended steps to address these risks. This paper also describes applying controls that include access control, authentication, continuous monitoring, data security, governance, and network segmentation.
We Want to Hear from You!
The public comment period for this draft is open until January 6, 2025, at 11:59 P.M. EST. You can view the publication and submit comments by visiting the NCCoE project page. If you have any questions, please email our team at hit_nccoe@nist.gov.
Access Control; Awareness and Training; Configuration Management; Identification and Authentication; Risk Assessment; System and Communications Protection
Publication:
https://doi.org/10.6028/NIST.CSWP.34.ipd
Download URL
Supplemental Material:
Submit Comments
Project homepage
Document History:
11/06/24: CSWP 34 (Draft)
identity & access management, privacy, risk management
Technologiescloud & virtualization, networks
Applications Laws and RegulationsHealth Insurance Portability and Accountability Act, Internet of Things Cybersecurity Improvement Act
Sectors