惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
V2EX - 技术
V2EX - 技术
P
Privacy & Cybersecurity Law Blog
T
The Exploit Database - CXSecurity.com
美团技术团队
WordPress大学
WordPress大学
博客园 - 司徒正美
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
Security Latest
Security Latest
L
LINUX DO - 最新话题
NISL@THU
NISL@THU
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
Y
Y Combinator Blog
The Hacker News
The Hacker News
Security Archives - TechRepublic
Security Archives - TechRepublic
IT之家
IT之家
T
Threatpost
Hugging Face - Blog
Hugging Face - Blog
Scott Helme
Scott Helme
S
SegmentFault 最新的问题
Cyberwarzone
Cyberwarzone
C
Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
U
Unit 42
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
小众软件
小众软件
V
Vulnerabilities – Threatpost
J
Java Code Geeks
V
Visual Studio Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
Arctic Wolf
博客园 - 【当耐特】
Microsoft Security Blog
Microsoft Security Blog
S
Security @ Cisco Blogs
雷峰网
雷峰网
Help Net Security
Help Net Security
The Last Watchdog
The Last Watchdog
Recent Announcements
Recent Announcements
G
Google Developers Blog
C
CERT Recently Published Vulnerability Notes
T
Troy Hunt's Blog
MyScale Blog
MyScale Blog

News and Events Feed by Topic

Securing AI Data Center: Architecture, Security Posture, and Emerging Standards New NCCoE Project: Asset Management and Visibility for Operational Technology (OT) Environments NIST Guidelines for Secure Remote Access in Water and Wastewater Systems NIST Workshop on Hardware CPE and CVSS Updates NCCoE Two-Pager Now Available: Effective OT Backup Management The Department of Commerce’s CHIPS Program Announces a Letter of Intent with Coherent for up to $50 Million to Expand Indium Phosphide Production Now Available: Practical Guidelines for Preventing and Mitigating Ransomware NIST NCCoE Genomic Data PETs Testbed & Dioptra Webinar NIST Mathematical Proof Supports Transition to a Continuous-Monitor-and-Update Security Model for AI Systems NCCoE Cybersecurity Connections Event: Accelerating the Adoption of Mobile Driver's Licenses NIST Expands AI Consortium’s Scope, Calls for New Members Now Available: NIST SP 1800-41, Responding to and Recovering from a Cyber Attack NCCoE Manufacturing Project Update NIST NCCoE Cyber AI Profile Virtual Working Session Series: Usability of the Profile Draft PNT Profile Updated to Align with NIST CSF 2.0 NIST NCCoE Cyber AI Profile Virtual Working Session Series: Extending the Technical Content CAISI Signs Agreements Regarding Frontier AI National Security Testing With Google DeepMind, Microsoft and xAI NIST NCCoE Cyber AI Profile Virtual Working Session Series: Updates to Profile Elements and Contents NICE Releases NICE Framework Components v2.2.0 Adoption of Mobile Driver’s Licenses for Financial Institutions Webinar NIST Updates NVD Operations to Address Record CVE Growth New Publication: Automation of the NIST Cryptographic Module Validation Program NIST Workshop on AI Incident Management Cybersecurity for IoT Workshop: Future Directions New Live Guidelines for Secure Software Development, Security, and Operations Practices Workshop on Blockchain and Distributed Ledger Technologies Improving the Nation’s Cybersecurity - an Open Forum NIST Guidelines on Implementing Mobile Driver’s Licenses for Financial Institutions NICE Webinar: Beyond Technical Skills - The Human Element of a Cyber Career Artificial Intelligence (AI) for Manufacturing Workshop Safeguarding Health Information: Building Assurance through HIPAA Security 2026 Workshop on Blockchain and Distributed Ledger Technologies 2026 Time and Frequency Seminar NCCoE Project Portfolio Webinar MLXN: Machine Learning for X-ray and Neutron Scattering Comment Now: Draft Guidelines on Data Classification Practices Technologies and Use Cases for Smart Standards NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More Building the Strategic Supply Chain Network Iris Experts Group Annual Meeting New Concept Paper on Identity and Authority of Software Agents SUSHI@NIST: Rolling Next-Generation Secure Hardware into Standards Now Available! Transit Cybersecurity Framework Community Profile Now Available: NIST NCCoE Project Portfolio Cyber AI Workshop #2 NIST Launches Centers for AI in Manufacturing and Critical Infrastructure Apply on USAJobs: Open CAISI Position for an AI Research Scientist Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment Just Published! Final NIST Telehealth Smart Home Integration Cybersecurity White Paper Draft NIST Guidelines Rethink Cybersecurity for the AI Era Comment & Save the Date Now! NIST Cyber AI Profile Preliminary Draft & Workshop Final NCCoE IoT Secure Onboarding Publications Now Available! Mobile Driver’s License Project Update Webinar NCCoE Cybersecurity Connections – Strengthening the Cybersecurity Workforce New Draft White Paper | PQC Migration: Mappings to Risk Framework Docs Now Available: NIST Final SP 1800-37, Addressing Visibility Challenges with TLS 1.3 NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States Feedback Requested: NIST Cryptographic Module Validation Program White Paper New NIST NCCoE Mobile Drivers Licenses Project Resources Now Available! CSF 2.0 Webinar Series: Deep-Dive into the CSF 2.0 Govern Function to Improve Cybersecurity Final Publication Available: NIST IR 8523, Multi-Factor Authentication for Criminal Justice Information Systems Federal Investments in IoT Infrastructure Offer 10-20x Return, NIST Study Finds Final NIST IR 8349 Released: Characterize & Secure Your IoT Devices NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases We Want Your Feedback! Developing a Transit Cybersecurity Framework Community Profile Advances in Automation of Quantum Dot Devices Control Empowering Future Innovators: NIST CTL Connects Cybersecurity Students with Real-World Research NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More NIST Researchers Demonstrate that Superconducting Neural Networks Can Learn on Their Own STPPA8: Special Topics on Privacy and Public Auditability — Event 8: Experimenting with Privacy-Enhancing Cryptography (PEC) Implementations NIST Finalizes ‘Lightweight Cryptography’ Standard to Protect Small Devices NIST Releases Test Tools to Accelerate Adoption of Emerging Route Leak Mitigation Standards Second Seminar on Building an In-Space Circular Economy Lessons Learned from the Consortium: Tool Use in Agent Systems
Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines
Chad Boutin · 2025-12-17 · via News and Events Feed by Topic
  • Smart home devices, such as voice-activated digital assistants, are increasingly used to support home health care.
  • Cybersecurity and privacy risks can threaten patient confidentiality, as smart home systems may not be able to support recommended data protection practices.
  • New NIST guidelines — such as enabling message encryption for home health care systems — can help mitigate these risks, benefiting providers as well as telehealth patients.
A cylindrical smart speaker sits on a wooden table in a living room.

Credit: Gorodenkoff/Shutterstock

Smart speakers are commonly used to answer questions, control thermostats and play music. Now consumers are calling on them for home health care — to talk to a provider, refill a prescription or schedule an appointment. Telehealth can benefit patients, but the threats are numerous as well: An attacker could alter a prescription, steal confidential medical data or connect the patient to an impostor.

To reduce the cybersecurity risks these interactions carry, the National Institute of Standards and Technology (NIST) has released guidelines that can help protect patients and providers alike.

The newly finalized guidelines, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration, build on NIST’s prior work in telehealth cybersecurity. The publication examines privacy and cybersecurity risks associated with home telehealth, using smart speakers — also called voice-activated digital assistants — as an example of a device that patients at home might use to communicate with providers.

“Certain people might not be able to reach a hospital, but they can talk to their smart speaker,” said Ron Pulivarti, a cybersecurity specialist at NIST’s National Cybersecurity Center of Excellence (NCCoE). “Telehealth patients and their providers exchange confidential information over the network, and we want to show what can go wrong and what we can do to protect them.”

Smart speakers are networked Internet of Things (IoT) devices that respond to voice commands. Generally linked to AI assistant software, they can be combined with hospital-grade medical devices that monitor a patient’s vitals to provide an inpatient care experience at home.

This combination of consumer and hospital-grade devices is a form of telehealth called a hospital-at-home (HaH) program. The patient can use the smart speaker to interact with a health care provider and perform actions such as completing a daily check-in or viewing test results. Once the patient activates the voice assistant to perform an action, a recording of their voice is sent to the voice assistant platform for processing — one point where patient information could be exposed to an attacker.

“Certain people might not be able to reach a hospital, but they can talk to their smart speaker. Telehealth patients and their providers exchange confidential information over the network, and we want to show what can go wrong and what we can do to protect them.” —Ron Pulivarti, cybersecurity specialist at NIST’s National Cybersecurity Center of Excellence

“HaH programs can benefit a homebound patient, but they have vulnerabilities because of their connection to public computer networks,” Pulivarti said. “Smart speakers may not have capabilities that support recommended privacy and security practices, and they may be used as pivot points for attackers to gain access to a hospital’s system.”

This publication considers telehealth solutions that use voice assistants in the patient’s home as well as all the network devices and systems needed to connect the patient’s home to the hospital health information systems. The publication offers several examples of threat scenarios. Among the potential threats are:

  • Data exfiltration: intercepting unencrypted communications from a voice assistant to obtain personal identifiable information (PII) or protected health information.
  • Data manipulation: compromising patient data integrity by intercepting and manipulating data.
  • Denial of service: disrupting availability and predictability.
  • Operating system or application disruption: altering voice commands sent to the health care provider, leading to incorrect processing of patient requests.
  • Unauthorized access: compromising patient data by accessing a patient’s voice assistant device through their home network or weak physical authorization controls.

Many of the recommended guidelines for mitigating these threats draw upon several other NIST publications including the NIST Cybersecurity Framework (CSF 2.0), the NIST Privacy Framework (PF 1.0) and the Profile of the IoT Core Baseline for Consumer IoT Products (NISTIR 8425).

The recommendations include enabling encryption of messages and limiting access to authorized individuals and devices. An overarching theme is for providers to ensure what is known as “network segmentation” between medical or biometric devices and other parts of the home and health care systems. Network segmentation divides the network into subsections using hardware such as firewalls, impeding an attacker’s ability to compromise a weak spot and affect other devices.

Although the guidelines are aimed primarily at technical specialists and information security professionals, Pulivarti said that patients also would benefit from knowing about them.

“Patients can turn around and educate their caregivers, who may not have encountered these guidelines,” he said. “By implementing the mitigations we offer here, health care providers can reduce their security and privacy risks while providing valued services to their patients.”