NIST on IoT, Apple Health, Net Neutrality, Stroke Alert App and Microsoft

TLP White

This week we wish Ben Flatgard well on the next chapter of his career and welcome our new Hacking Healthcare blogger. We’ll also take a look at a few federal agency reports and announcements as well as a tech giant’s decision to launch medical clinics for all its employees. As a special treat, we also provide a quick recap of an exciting Supreme Court case. Welcome back to Hacking Healthcare.


Hot Links –

  1. Keep your wearables secure, and your implantables securer: The National Institute of Standards and Technology (“NIST”) recently released a draft report developed by the Interagency International Cybersecurity Standardization Working Group entitled Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT) (“Report”).[1]


The Report explains that Health IoT and Medical Devices (wearables, implantables, injectables, ingestibles) enable doctors, patients, and users to participate in real-time health monitoring, medication and nutrition tracking, and imaging.  Despite these benefits, the Report also explains that like most IoT devices, Health IoT and Medical devices may be exposed to cybersecurity vulnerabilities.


If you are feeling inspired, NIST is accepting public comments on the Report until April 18, 2018.[2]  


  1. Apple tackles employee health: Apple is making health care moves with the launch of a group of independent health clinics, also known as AC Wellness.[3] Apple will initially operate two clinics in Santa Clara County, California, and will be providing primary care services to Apple employees and their families as early as this spring.  Job listings show that Apple is looking to hire designers to implement a program focused on preventing disease and promoting healthy behavior.


  1. FCC’s net neutrality repeal: The Federal Communications Commission recently published its order to repeal net neutrality[4] and HealthcareITNews addressed how the order impacts the healthcare industry.[5] Jessica Davis reports that while FCC Chairman Ajit Pai argues the repeal will boost telemedicine, some groups argue the repeal will enable the internet service providers to create fast lanes and charge higher fees and services. Ms. Davis says that some opponents feel the repeal may actually cause hospitals to reduce telemedicine programs because they will need to spend more money on the increased internet prices.


  1. Stroke-alert – there’s an app for that: The Food and Drug Administration said it will permit, a healthcare company that relies on artificial intelligence and deep learning to analyze medical data,[6] to market an application that may alert medical practitioners of a potential stroke.[7] According to an FDA press release, the application permits a first-line practitioner to use the application to analyze CT images of a patient’s brain.  If the application identifies a potential stroke, it will automatically alert a medical specialist’s mobile device of the potential stroke. However, the specialist must review the CT images on a clinical workstation.


  1. Divided court on U.S. v. Microsoft: The Supreme Court heard oral argument for U.S. v. Microsoft, which examines whether the federal government can use warrants to force Microsoft to turn over data stored overseas.[8] The case is the latest example of applying an old law to technology that was unfathomable at the time of its passage.


Microsoft’s position has been that U.S. law enforcement must go through Irish authorities to obtain the content of emails regarding a U.S. drug tracking investigation.  Meanwhile, the Justice Department asserts that the U.S. issued warrant is enough to access the data because the information is stored on the cloud, thus Microsoft can obtain the data from within the United States.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of NH-ISAC.

Read full blog below:


HackingHealthcare Public TLP White Newsletter 3.13.2018