NIST SPECIAL PUBLICATION 1800-30

---

Securing Telehealth Remote Patient Monitoring Ecosystem

Securing Telehealth Remote Patient Monitoring Ecosystem

---

Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C)

Jennifer Cawthra*

Nakia Grayson

Ronald Pulivarti

Bronwyn Hodges

Jason Kuruvilla*

Kevin Littlefield

Sue Wang

Ryan Williams*

Kangmin Zheng

*Former employee; all work for this publication done while at employer.

FINAL

This publication is available free of charge from https://doi.org/10.6028/NIST.SP.1800-30

The second draft of this publication is available free of charge from https://www.nccoe.nist.gov/sites/default/files/legacy-files/rpm-nist-sp1800-30-2nd-draft.pdf

NIST SPECIAL PUBLICATION 1800-30

Securing Telehealth Remote Patient Monitoring Ecosystem

Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C)

Jennifer Cawthra*

Nakia Grayson

Ronald Pulivarti

National Cybersecurity Center of Excellence

National Institute of Standards and Technology

Bronwyn Hodges

Jason Kuruvilla*

Kevin Littlefield

Sue Wang

Ryan Williams*

Kangmin Zheng

The MITRE Corporation

McLean, Virginia

*Former employee; all work for this publication done while at employer.

FINAL

February 2022

U.S. Department of Commerce

Gina M. Raimondo, Secretary

National Institute of Standards and Technology

James K. Olthoff, Performing the non-exclusive functions and duties of the Under Secretary of Commerce for Standards and Technology & Director, National Institute of Standards and Technology

Volume A

• Executive Summary
  • Challenge
  • Solution
  • How To Use This Guide
  • Share Your Feedback
  • Collaborators

Volume B

• 1 Summary
  • 1.1 Challenge
  • 1.2 Solution
• 2 How to Use This Guide
  • 2.1 Typographic Conventions
• 3 Approach
  • 3.1 Audience
  • 3.2 Scope
  • 3.3 Assumptions
  • 3.4 Risk Assessment
    • 3.4.1 Threats
    • 3.4.2 Vulnerabilities
    • 3.4.3 Problematic Data Actions for Privacy
    • 3.4.4 Risk
    • 3.4.5 Mitigating Risk
  • 3.5 Security Control Map
  • 3.6 Technologies
• 4 Architecture
  • 4.1 Layering the Architecture
  • 4.2 High-Level Architecture Communications Pathways
    • 4.2.1 Cellular Data Pathways
    • 4.2.2 Broadband Pathways
  • 4.3 Data and Process Flows
  • 4.4 Security Capabilities
    • 4.4.1 Telehealth Platform Provider
    • 4.4.2 Identity Management, Authentication, and Access Control
    • 4.4.3 Data Security
    • 4.4.4 Anomalies and Events and Security Continuous Monitoring
  • 4.5 Final Architecture
• 5 Security and Privacy Characteristic Analysis
  • 5.1 Assumptions and Limitations
  • 5.2 Pervasive Controls
  • 5.3 Telehealth Platform Providers
  • 5.4 Risk Assessment (ID.RA and ID.RA-P)
  • 5.5 Identity Management, Authentication, and Access Control (PR.AC and PR.AC-P) Protective Technology
    (PR.PT-P)
  • 5.6 Data Security (PR.DS and PR.DS-P)
  • 5.7 Anomalies and Events, Security Continuous Monitoring (DE.AE, DE.CM), and Data Processing Management
    (CT.DM-P)
• 6 Functional Evaluation
  • 6.1 RPM Functional Test Plan
    • 6.1.1 RPM Functional Evaluation
    • 6.1.2 Test Case: RPM-1
    • 6.1.3 Test Case: RPM-2
    • 6.1.4 Test Case: RPM-3
    • 6.1.5 Test Case: RPM-4
    • 6.1.6 Test Case: RPM-5
    • 6.1.7 Test Case: RPM-6
    • 6.1.8 Test Case: RPM-7
    • 6.1.9 Test Case: RPM-8
    • 6.1.10 Test Case: RPM-9
    • 6.1.11 Test Case: RPM-10
    • 6.1.12 Test Case: RPM-11
• 7 Future Build Considerations
• Appendix A List of Acronyms
• Appendix B References
• Appendix C Threats and Risks
  • C-1 Discussion on the Risk Management Framework
  • C-2 Information and Information System Categorization
  • C-3 Risk Context
  • C-4 Threats
  • C-5 Threat Sources
    • C-5.1 Business Processes
  • C-6 Vulnerabilities
  • C-7 Threat Modeling
    • C-7.1 Modeling Threats to the Patient Home
    • C-7.2 Linking Threats to Adverse Actions
• Appendix D Problematic Data Actions and Risks
  • D-1 Privacy Risk Assessment Methodology
  • D-2 Problematic Data Actions and Mitigations
    • D-2.1 Privacy Risk 1: Storage and movement of data create multiple points of potential exposure after data are collected from the patient
    • D-2.2 Privacy Risk 2: Biometric device types can indicate patient health problems that individuals would prefer not to disclose beyond their healthcare provider
    • D-2.3 Privacy Risk 3: Incorrect data capture of readings by devices may impact quality of patient care
    • D-2.4 Privacy Risk 4: Aggregated data may expose patient information
    • D-2.5 Privacy Risk 5: Exposure of patient information through multiple providers of system components increases the likelihood of exposure of patient data to unintended recipients
  • D-3 Additional Program Mitigations Applicable Across Various Data Actions
• Appendix E Benefits of IoT Device Cybersecurity Requirements
  • E-1 Device Capabilities Mapping
  • E-2 Device Capabilities Supporting Functional Evaluations
• Appendix F Applying the OSI Model in Understanding Zero Trust Architecture

Volume C

• 1 Introduction
  • 1.1 How-To Guide
  • 1.2 Build Overview
  • 1.3 Typographic Conventions
  • 1.4 Logical Architecture Summary
• 2 Product Installation Guide
  • 2.1 Telehealth Platform Provider
    • 2.1.1 Accuhealth
      • 2.1.1.1 Patient Home–Communication Path A
      • 2.1.1.2 HDO
    • 2.1.2 Vivify
      • 2.1.2.1 Patient Home–Communication Path B
      • 2.1.2.2 Patient Home–Communication Paths C and D
      • 2.1.2.3 Telehealth Platform Provider–Communication Paths C and D
      • 2.1.2.4 HDO
  • 2.2 Security Capabilities
    • 2.2.1 Risk Assessment Controls
      • 2.2.1.1 Tenable.sc
      • 2.2.1.2 Nessus
    • 2.2.2 Identity Management, Authentication, and Access Control
      • 2.2.2.1 Domain Controller
      • 2.2.2.2 Cisco Firepower
    • 2.2.3 Security Continuous Monitoring
    • 2.2.4 Cisco Stealthwatch
      • 2.2.4.1 Cisco Umbrella
      • 2.2.4.2 LogRhythm XDR (Extended Detection and Response)
      • 2.2.4.3 LogRhythm NetworkXDR
      • 2.2.4.4 LogRhythm System Monitor Agent
    • 2.2.5 Data Security
      • 2.2.5.1 Onclave SecureIoT
• Appendix A List of Acronyms
• Appendix B References