IoT Security Reference Architecture for the Healthcare Industry - 05 Jun 2019

This document is not aimed at doctors or healthcare professionals. However, it is aimed at a wide audience including CxOs and IoT purchasers, IT departments, developers and OEM product management.

This architecture focuses on IoT devices and solutions implemented and managed a healthcare environment. The document first explores four IoT use cases:

• Fixed use case
• Portable local use case
• Portable loaned use case
• Personal device use case

It also presents reference architectures and highlights security considerations:

• Bounded Network with high integrity zone
• Boundaryless network
• Hybrid with different network technologies
• General security considerations for health-related IoT devices and platforms

The IoT Security Foundation security architecture series intends to:

• Reduce/manage complexity of IoT systems by simplifying implementation options
• Demonstrate what a good security regime looks like, by example
• Demonstrate how to support security in IoT for health with minimal reliance on healthcare professionals and patients
• Explain the benefits of a hub-based approach including achieving security goals, maintaining system hygiene and resilience, managing extensions and life-cycle provisioning
• Help foster growth and demand in the healthcare IoT marketplace and promote a security mindset for better-informed procurement decisions