telehealth INsecurity

The COVID-19 pandemic is bringing a substantial increase in security incidents that compromise or disable critical healthcare systems.   Security experts at DataBreach Today attribute those attacks to sophisticated groups seeking ransoms or attempting to steal personal data for resale on the "dark net".
For several years the same security experts have warned about an increase in security breaches in the field of the Internet of Things (IoT) -- all those little "smart" devices in the homes capable of communicating to the cloud.
Unfortunately, remote patient monitoring "RPM"  systems (a critical part of any telehealth solution) fall at the intersection of IoT and critical healthcare systems.  RPMs are not just doubly impacted, they are a large (due to the number of patients) and more importantly soft target.  The softness falls under two categories:

• Hardware communication devices sourced from distant vendors found on Alibaba.  Many components do not meet any standard (such a Bluetooth SIG) and there is no way to tell if accidentally or intentionally some capabilities or protections meet proper security requirements.  Think Huawei minus any response, independent review or documentation to assess risk.
• Software is cobbled up from a variety of low-cost ready-made modules from a multitude of known or less known publishers.  Even if each module is secure and without errors or backdoors, the weak points are in the "glue" connecting those modules, and the many hand-offs of data from one module to another.   And as many opportunities for a nefarious actor to find a way in to steal data or disable functionality.

Apple insists on controlling all aspects from their proprietary hardware to the software running on it, even from third parties.  For good reasons.

Evexia designed and implemented its system to be secure from the ground-up.  There are no hardware and software components originating from sources outside the US/EU.  Software, from the operating system down to the specific functionality is built in-house or from source code.  Communications are secure at the hardware level, in the chip.