{"id":355269,"date":"2025-12-18T03:38:13","date_gmt":"2025-12-18T03:38:13","guid":{"rendered":"https:\/\/www.newsbeep.com\/au\/355269\/"},"modified":"2025-12-18T03:38:13","modified_gmt":"2025-12-18T03:38:13","slug":"securing-smart-speakers-for-home-health-care-nist-offers-new-guidelines","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/au\/355269\/","title":{"rendered":"Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines"},"content":{"rendered":"<p><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/www.newsbeep.com\/au\/wp-content\/uploads\/2025\/12\/shutterstock_1672762930.jpg\" width=\"960\" height=\"540\" alt=\"A cylindrical smart speaker sits on a wooden table in a living room. \" typeof=\"foaf:Image\"\/><\/p>\n<p>Credit: Gorodenkoff\/Shutterstock<\/p>\n<p>Smart speakers are commonly used to answer questions, control thermostats and play music. Now consumers are calling on them for home health care \u2014 to talk to a provider, refill a prescription or schedule an appointment. Telehealth can benefit patients, but the threats are numerous as well: An attacker could alter a prescription, steal confidential medical data or connect the patient to an impostor.<\/p>\n<p>To reduce the cybersecurity risks these interactions carry, the National Institute of Standards and Technology (NIST) has released guidelines that can help protect patients and providers alike.<\/p>\n<p>The newly finalized guidelines, <a href=\"https:\/\/www.nccoe.nist.gov\/healthcare\/mitigating-cybersecurity-risk-telehealth-smart-home-integration\" data-entity-type=\"external\" rel=\"nofollow noopener\" target=\"_blank\">Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration<\/a>, build on NIST\u2019s\u00a0<a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.1800-30.pdf\" rel=\"nofollow noopener\" target=\"_blank\">prior work<\/a> in telehealth cybersecurity. 
The publication examines privacy and cybersecurity risks associated with home telehealth, using smart speakers \u2014 also called voice-activated digital assistants \u2014 as an example of a device that patients at home might use to communicate with providers.<\/p>\n<p>\u201cCertain people might not be able to reach a hospital, but they can talk to their smart speaker,\u201d said Ron Pulivarti, a cybersecurity specialist at NIST\u2019s National Cybersecurity Center of Excellence (<a href=\"https:\/\/www.nccoe.nist.gov\/\" rel=\"nofollow noopener\" target=\"_blank\">NCCoE<\/a>). \u201cTelehealth patients and their providers exchange confidential information over the network, and we want to show what can go wrong and what we can do to protect them.\u201d<\/p>\n<p>Smart speakers are networked Internet of Things (IoT) devices that respond to voice commands. Generally linked to AI assistant software, they can be combined with hospital-grade medical devices that monitor a patient\u2019s vitals to provide an inpatient care experience at home.<\/p>\n<p>This combination of consumer and hospital-grade devices is a form of telehealth called a hospital-at-home (HaH) program. The patient can use the smart speaker to interact with a health care provider and perform actions such as completing a daily check-in or viewing test results. Once the patient activates the voice assistant to perform an action, a recording of their voice is sent to the voice assistant platform for processing \u2014 one point where patient information could be exposed to an attacker.<\/p>\n
<p>\u201cHaH programs can benefit a homebound patient, but they have vulnerabilities because of their connection to public computer networks,\u201d Pulivarti said. \u201cSmart speakers may not have capabilities that support recommended privacy and security practices, and they may be used as pivot points for attackers to gain access to a hospital\u2019s system.\u201d<\/p>\n<p>This publication considers telehealth solutions that use voice assistants in the patient\u2019s home as well as all the network devices and systems needed to connect the patient\u2019s home to the hospital health information systems. The publication offers several examples of threat scenarios. Among the potential threats are:<\/p>\n<ul>\n<li>Data exfiltration: intercepting unencrypted communications from a voice assistant to obtain personal identifiable information (PII) or protected health information.<\/li>\n<li>Data manipulation: compromising patient data integrity by intercepting and manipulating data.<\/li>\n<li>Denial of service: disrupting availability and predictability.<\/li>\n<li>Operating system or application disruption: altering voice commands sent to the health care provider, leading to incorrect processing of patient requests.<\/li>\n<li>Unauthorized access: compromising patient data by accessing a patient\u2019s voice assistant device through their home network or weak physical authorization controls.<\/li>\n<\/ul>\n<p>Many of the recommended guidelines for mitigating these threats draw upon several other NIST publications including the NIST Cybersecurity Framework (<a href=\"https:\/\/www.nist.gov\/cyberframework\" data-entity-type=\"node\" data-entity-uuid=\"d93e537b-1852-4185-a8e4-b5ea1fe460de\" data-entity-substitution=\"canonical\" title=\"Cybersecurity 
Framework\" rel=\"nofollow noopener\" target=\"_blank\">CSF 2.0<\/a>), the NIST Privacy Framework (<a href=\"https:\/\/www.nist.gov\/privacy-framework\" data-entity-type=\"node\" data-entity-uuid=\"981e9daa-441f-43aa-b153-c3d908dc0f06\" data-entity-substitution=\"canonical\" title=\"Privacy Framework\" rel=\"nofollow noopener\" target=\"_blank\">PF 1.0<\/a>) and the\u00a0Profile of the IoT Core Baseline for Consumer IoT Products\u00a0(<a href=\"https:\/\/csrc.nist.gov\/pubs\/ir\/8425\/final\" rel=\"nofollow noopener\" target=\"_blank\">NISTIR 8425<\/a>).<\/p>\n<p>The recommendations include enabling encryption of messages and limiting access to authorized individuals and devices. An overarching theme is for providers to ensure what is known as \u201cnetwork segmentation\u201d between medical or biometric devices and other parts of the home and health care systems. Network segmentation divides the network into subsections using hardware such as firewalls, impeding an attacker\u2019s ability to compromise a weak spot and affect other devices.<\/p>\n<p>Although the guidelines are aimed primarily at technical specialists and information security professionals, Pulivarti said that patients also would benefit from knowing about them.<\/p>\n<p>\u201cPatients can turn around and educate their caregivers, who may not have encountered these guidelines,\u201d he said. \u201cBy implementing the mitigations we offer here, health care providers can reduce their security and privacy risks while providing valued services to their patients.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"Credit: Gorodenkoff\/Shutterstock Smart speakers are commonly used to answer questions, control thermostats and play music. 
Now consumers are&hellip;\n","protected":false},"author":2,"featured_media":355270,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[64,63,137,500],"class_list":{"0":"post-355269","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-healthcare","8":"tag-au","9":"tag-australia","10":"tag-health","11":"tag-healthcare"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/355269","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/comments?post=355269"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/355269\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media\/355270"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media?parent=355269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/categories?post=355269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/tags?post=355269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}