惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
WordPress大学
WordPress大学
博客园 - 【当耐特】
Engineering at Meta
Engineering at Meta
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
美团技术团队
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
Martin Fowler
Martin Fowler
Recorded Future
Recorded Future
H
Help Net Security
aimingoo的专栏
aimingoo的专栏
Y
Y Combinator Blog
博客园_首页
A
About on SuperTechFans
MongoDB | Blog
MongoDB | Blog
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
D
DataBreaches.Net
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
B
Blog
The Register - Security
The Register - Security
I
InfoQ
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
雷峰网
雷峰网
Last Week in AI
Last Week in AI
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
有赞技术团队
有赞技术团队
Stack Overflow Blog
Stack Overflow Blog
Jina AI
Jina AI
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News - Newest:
Hacker News - Newest: "LLM"
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Latest news
Latest news
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
博客园 - Franky
Recent Commits to openclaw:main
Recent Commits to openclaw:main
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

News and Events Feed by Topic

NIST Receives New Patent for Microbe-Killing Water Heater Spotlight: How NIST Helps Make Sure the Fish You Catch Are Safe to Eat NIST Expands Its Library of ‘Chemical Fingerprints’ to Identify Unknown Substances SRM Story: SRM 1947a Great Lakes Fish Tissue SRM Story: SRMs 3672a and 3673a Organic Contaminants in Smokers’ and Nonsmokers’ Urine Space: The Final Frontier for Standards NIST’s ‘Living Reference Material’ Could Accelerate R&D of Lifesaving Biological Drugs NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More SRM Story: SRM 965c Glucose in Frozen Human Serum Second Seminar on Building an In-Space Circular Economy New NIST Reference Material to Strengthen Quality Control for Biological Drugs NIST Releases Trove of Genetic Data to Spur Cancer Research New NIST Research Grade Test Material to support mRNA therapeutics NIST Shares Preliminary Findings From Hurricane Maria Investigation New NIST Standard Helps Deliver the Right Dosage of Cancer-Fighting Drugs Second Series of Workshops on Measurements and Standards for Advanced Therapy NIST Researcher Addresses London Healthcare Innovation Forum NIST Releases Reference Material to Aid Gut Microbiome Research NIST Researchers Develop Material for Measuring Arsenic in Shellfish 2025 NIST Workshop on Rapid Microbial Testing Methods An SRM for Accuracy in Electrolyte Panel Clinical Tests Study Highlights Need for Standardized Measurement Methods in Gene Therapy NIST Develops Genetic Material for Validating H5N1 Bird Flu Diagnostic Tests PFAS Found in Firefighter Gloves, Hoods and Wildland Gear AI and Flow Cytometry Workshop Genome Editing Consortium Workshop Social Spotlight: Engineered Cells as a Shoebox NIST Scientists Use DNA Origami on a Chip to Detect Biomolecules NIST Awards Up to $1.5 Million to Support Development of Regenerative Medicine Standards Curricula NIST Research Leader Featured in Medical IoT Discussions Spotlight: Game-Changing Microscopy Technique for Identifying Cancerous Cells Spotlight: Cassie Stoffer Helps Run Calibration and Measurement Services Related to Magnetic Resonance NIST Researchers to Test New Approach for Detecting Cannabis in Breath Spotlight: SURF Student Zainab Altamimi Spends Her Summer Researching the Capsules and Tablets in 3D Drug Printing From Pandemics to Pedicures: NIST Rebuilds World-Class UV Calibration System NIST Partners With the Gates Foundation to Develop Breathalyzers for Malaria and Tuberculosis Research Finds Dolphins With Elevated Mercury Levels in Florida and Georgia NIST Awards Over $1.2 Million to Small Businesses to Advance Cybersecurity, Biopharmaceuticals, Semiconductors and More Spotlight: Shape-Shifting Probes Will Help Improve MRI Imaging NIST Researchers Use Cellphone Compass to Measure Tiny Concentrations of Compounds Important for Human Health CHIPS R&D National Advanced Packaging Manufacturing Program (NAPMP) Advanced Packaging Summit NIST-Led Working Group Developing Standards for Organ-on-a-Chip Research 2024 NIST Rapid Microbial Testing Methods Consortium Workshop
Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines
Chad Boutin · 2025-12-17 · via News and Events Feed by Topic
  • Smart home devices, such as voice-activated digital assistants, are increasingly used to support home health care.
  • Cybersecurity and privacy risks can threaten patient confidentiality, as smart home systems may not be able to support recommended data protection practices.
  • New NIST guidelines — such as enabling message encryption for home health care systems — can help mitigate these risks, benefiting providers as well as telehealth patients.
A cylindrical smart speaker sits on a wooden table in a living room.

Credit: Gorodenkoff/Shutterstock

Smart speakers are commonly used to answer questions, control thermostats and play music. Now consumers are calling on them for home health care — to talk to a provider, refill a prescription or schedule an appointment. Telehealth can benefit patients, but the threats are numerous as well: An attacker could alter a prescription, steal confidential medical data or connect the patient to an impostor.

To reduce the cybersecurity risks these interactions carry, the National Institute of Standards and Technology (NIST) has released guidelines that can help protect patients and providers alike.

The newly finalized guidelines, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration, build on NIST’s prior work in telehealth cybersecurity. The publication examines privacy and cybersecurity risks associated with home telehealth, using smart speakers — also called voice-activated digital assistants — as an example of a device that patients at home might use to communicate with providers.

“Certain people might not be able to reach a hospital, but they can talk to their smart speaker,” said Ron Pulivarti, a cybersecurity specialist at NIST’s National Cybersecurity Center of Excellence (NCCoE). “Telehealth patients and their providers exchange confidential information over the network, and we want to show what can go wrong and what we can do to protect them.”

Smart speakers are networked Internet of Things (IoT) devices that respond to voice commands. Generally linked to AI assistant software, they can be combined with hospital-grade medical devices that monitor a patient’s vitals to provide an inpatient care experience at home.

This combination of consumer and hospital-grade devices is a form of telehealth called a hospital-at-home (HaH) program. The patient can use the smart speaker to interact with a health care provider and perform actions such as completing a daily check-in or viewing test results. Once the patient activates the voice assistant to perform an action, a recording of their voice is sent to the voice assistant platform for processing — one point where patient information could be exposed to an attacker.

“Certain people might not be able to reach a hospital, but they can talk to their smart speaker. Telehealth patients and their providers exchange confidential information over the network, and we want to show what can go wrong and what we can do to protect them.” —Ron Pulivarti, cybersecurity specialist at NIST’s National Cybersecurity Center of Excellence

“HaH programs can benefit a homebound patient, but they have vulnerabilities because of their connection to public computer networks,” Pulivarti said. “Smart speakers may not have capabilities that support recommended privacy and security practices, and they may be used as pivot points for attackers to gain access to a hospital’s system.”

This publication considers telehealth solutions that use voice assistants in the patient’s home as well as all the network devices and systems needed to connect the patient’s home to the hospital health information systems. The publication offers several examples of threat scenarios. Among the potential threats are:

  • Data exfiltration: intercepting unencrypted communications from a voice assistant to obtain personal identifiable information (PII) or protected health information.
  • Data manipulation: compromising patient data integrity by intercepting and manipulating data.
  • Denial of service: disrupting availability and predictability.
  • Operating system or application disruption: altering voice commands sent to the health care provider, leading to incorrect processing of patient requests.
  • Unauthorized access: compromising patient data by accessing a patient’s voice assistant device through their home network or weak physical authorization controls.

Many of the recommended guidelines for mitigating these threats draw upon several other NIST publications including the NIST Cybersecurity Framework (CSF 2.0), the NIST Privacy Framework (PF 1.0) and the Profile of the IoT Core Baseline for Consumer IoT Products (NISTIR 8425).

The recommendations include enabling encryption of messages and limiting access to authorized individuals and devices. An overarching theme is for providers to ensure what is known as “network segmentation” between medical or biometric devices and other parts of the home and health care systems. Network segmentation divides the network into subsections using hardware such as firewalls, impeding an attacker’s ability to compromise a weak spot and affect other devices.

Although the guidelines are aimed primarily at technical specialists and information security professionals, Pulivarti said that patients also would benefit from knowing about them.

“Patients can turn around and educate their caregivers, who may not have encountered these guidelines,” he said. “By implementing the mitigations we offer here, health care providers can reduce their security and privacy risks while providing valued services to their patients.”