VA Wants to Protect the Medical Internet of Things

It’s unclear whether hacked pacemakers are a real threat, but the Veterans Affairs Department wants to make sure its patients never find out.

VA is gathering information about ways to protect the digitally-enabled medical devices that make up the Internet of Things -- the devices used for the treatment, diagnosis and monitoring of patients -- from outside intruders.

The department wants a “comprehensive, defense-in-depth” plan that would secure the devices on a hospital system’s network, according to a new request for information.

Today, devices are often connected to the hospital via a wireless connection, according to VA.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Hospital network security has been under scrutiny in the past few months. The MedStar Health system in Washington, D.C., recently fell victim to a ransomware attack, in which a piece of malware blocked access to patient records and demanded payment.

VA’s requirements for a security solution include:

• Not needing software to be installed on the device
• Scalability to millions or more devices
• Functionality across different physical and virtual environments
• Consideration for a time lag in the device
• Ability to provide reports on device traffic volume, threat indicators, and protocols
• Automation

Last fall, VA’s new chief information officer, LaVerne Council, debuted a new cybersecurity strategy that included a focus on medical cybersecurity and proposed taking new steps to secure connected medical devices.