“For cloud/hosted solutions, it is very important to know what security is being provided. We work with companies like Microsoft and Amazon, which are leaders in cybersecurity and quick to address any threats.

“The infrastructure components are a more unique aspect of RTLS. RTLS tags communicate wirelessly to a reader, so the security of that communication and the devices is essential. We take a number of steps in this area:

• We keep our hardware as simple as possible. The majority of our tags use uni-directional beaconing, which doesn’t require them to authenticate with the network; in other words, they don’t have direct network access. Our newer generation of tags, which can be bi-directional for configuration and firmware updates, utilize the latest enterprise Wi-Fi security protocols, which can be field-updated as needed.

• We regularly update our solutions to address known vulnerabilities like man-in-the-middle attacks, replay protection, etc.

• We have cybersecurity experts who conduct regular audits of our solutions. We are prepared to address and respond to vulnerabilities as they pop up (just recently, Spectre and Meltdown, as an example).”

Kevin Jackson, Chief Technologist, Versus Technology, a subsidiary of Midmark Corp., Traverse City, MI

“The threat of cyberattacks in healthcare has never been more prevalent and is a major concern of every organization looking to establish an RTLS entry point into their network and systems. Versus understands the necessity of security controls at both the hardware and application level and makes particular effort to ensure security controls are enabled to deter malicious intrusion. For hardware, the Versus RTLS network is a closed system and restricts the transmission of any code-based intrusion. In addition, only registered hardware components are authorized to communicate with the Versus platform. The approach prevents malicious piggybacking of the Versus RTLS sensory network as an organizational network entry point and restricts any data location hoaxes to be inserted.

“Ensuring security controls are established at the software application layer is just as important. Versus takes particular attention to safeguard the use of software components, ensuring they are only accessible to authorized users. In addition, programming of controls that restrict malicious events are not allowed, such as SQL injection. Finally, data transmissions between Versus applications are securely encrypted, preventing exposure to sensitive data.”

Chris Sullivan, Global Healthcare Practice Lead, Zebra Technologies, Lincolnshire, IL

“As the threat of cyberattacks/hacking/malicious coding continues to grow, it’s important for hospitals to remain vigilant. RTLS systems are an extension to or part of the hospital’s own network and should be treated as such. RTLS system security, threats and vulnerabilities should be assessed following industry best-practices and protected. Different RTLS modalities have different feature/function sets and thus security should be assessed on a modality-by-modality basis. Each system should be evaluated based on risk and security level. What data does the solution create, how is data moved, where does data reside, how does data get converted into information, what type of information is created, are there regulatory requirements for handling the data/information, and what happens if the data is compromised, all factor into assessing the risk to the business. Honest risk assessment is one means of helping a hospital determine the appropriate level of security to employ.

“RTLS modalities each differ in how they create, store, move and convert data into information. Passive and active beacon technologies that do little more than broadcast their own ID and possibly other data about themselves (e.g., MAC ID, serial number, temperature, battery power, etc.) are inherently secure. While these sensors could be intercepted they are not connected to the network and do not carry sensitive data. The RTLS system components that are connected to the hospital’s network and/or handle sensitive information should employ appropriate security methods and technologies including user authentication, encryption, rotating passwords and keys, system firewalls and other security best practices. Hospitals should be proactive in setting security requirements that force RTLS systems to employ a level of security that is as strong or stronger than the hospital network they are connecting to.”

Matthew Cannell, Senior Program Manager, Service Technology, GE Healthcare

“From an RF standpoint, Encompass uses commercial Bluetooth low energy and Wi-Fi technologies. Once configured, the active [Bluetooth Low Energy] BLE beacons simply broadcast their ID and a few operating parameters, such as battery life. They are not physically or virtually connected to the hospital’s network. While one could intercept the data transmission from a BLE beacon there is no meaningful information to exploit.”

Charity Carney, Vice President, Software Development and Security, Champion Healthcare Technologies, Lake Zurich, IL

“Nearly every system on the planet carries some degree of risk or vulnerability of exposure. RTLS systems are no exception to this, but depending on their architecture and content [they] may vary in allure to cybercriminals. A key strategy to minimizing or eliminating risk from an RTLS vulnerability is to build infrastructure and arrange firewalls or boundaries effectively. Protecting points of connectivity between systems is critically important. Additionally, certain tactics can be used to negate the value of a successful hack through RTLS/RFID. The less useful information that could be gained through a successful hack, the less likely that hackers will identify you as a target.”

Sandy Murti, Senior Director, Industry Solutions & Business Development, Impinj Inc., Seattle

“Unlike many other RTLS technologies, Impinj’s RAIN RFID uses a passive RFID tag/reader that limits the distance the tag can be read. This means that proximity and geo fencing can be tightly defined. Also, Impinj’s RAIN RFID can operate without connecting to the internet, external network or third-party systems. All the connections occur between the Impinj gateway readers and Impinj ItemSense software.

“Signal proximity and closed system design help limit Impinj RAIN RFID tags and readers from hacking risks. Impinj doesn’t depend on the internet or third-party servers to operate.”

What are some of the warning signs for which providers should watch that their RTLS systems may be vulnerable to cyber attacks, hacking or malicious coding?

GEVA: “An attack via an RTLS system is so far only theoretical — it has never occurred. This is not to say that it couldn’t, but we put our effort into proactive measures. We encourage our customers to bring their concerns to us so we can work on them together and close any possible gap before it can be exploited.”
