IoT Security Reference Architecture for the Healthcare Industry

This document is not aimed at doctors or healthcare professionals. However, it is aimed at a wide audience including CxOs and IoT purchasers, IT departments, developers and OEM product management.

This architecture focuses on IoT devices and solutions implemented and managed a healthcare environment. The document first explores four IoT use cases:


Fixed use case
Portable local use case
Portable loaned use case
Personal device use case

It also presents reference architectures and highlights security considerations:


Bounded Network with high integrity zone
Boundaryless network
Hybrid with different network technologies
General security considerations for health-related IoT devices and platforms

The IoT Security Foundation security architecture series intends to:


Reduce/manage complexity of IoT systems by simplifying implementation options
Demonstrate what a good security regime looks like, by example
Demonstrate how to support security in IoT for health with minimal reliance on healthcare professionals and patients
Explain the benefits of a hub-based approach including achieving security goals, maintaining system hygiene and resilience, managing extensions and life-cycle provisioning
Help foster growth and demand in the healthcare IoT marketplace and promote a security mindset for better-informed procurement decisions