Innovation in the field of medical technology will pave the way for groundbreaking advances in diagnoses, treatment and patient care for decades to come.
To foster the development of innovative connected medical devices and services, L-SPARK—a technology business accelerator—partnered with several leading technology companies to create the TELUS L-SPARK MedTech Accelerator. This collaboration aimed to provide key assistance and resources to Canadian start-ups in the MedTech field with the ultimate goal of bringing new medical technologies to market. CIRA was thrilled to be one of the partners in this exciting endeavor, contributing its cutting-edge IoT Registry to the project.
Leveraging CIRA’s IoT Registry as part of its product back-end, participating start-up and Nova Scotia-based technology company, Dispension, is changing the way people access restricted products by making the transaction safe, secure and convenient. Through the use of contactless, self-service kiosks and smart lockers equipped with advanced biometrics, Dispension’s IoT platforms allow patients to access prescriptions and other restricted products in urban, rural or even remote locations around the world. Its innovative solutions increase access to critical medications and prescriptions, extend hours of operation and improve customer experience.
This sounds great, but what about data security?
The ability to access medicines and prescription drugs conveniently will improve the quality of life for thousands if not millions of people, yet the problem of ensuring data security must be addressed. Without guaranteed data security, the platform cannot be viable.
Dispension’s area of expertise in the medical kiosk field is unquestioned, however, as a start-up they did not have the resources to afford expensive third-party auditing, penetration testing and certifications. Currently, Dispension is running on AWS with encrypted file systems, firewalls, real-time monitoring, tokenization, reverse SSH, policy documentation and other measures. While this is not a security solution, Dispension has many of the components in place for a solution that is secure. However, a major risk (and the problem that is solved by using CIRA’s IoT Registry), is being 100 percent certain that a kiosk on the network is really a Dispension kiosk, and not a fraudulent URL crafted in such a way as to introduce spoofed data.
By provisioning via the CIRA IoT Registry, Dispension’s kiosks and smart lockers can assume a commanding market position as the world’s first trusted IoT SAFE kiosk. The additional layer of security the CIRA IoT Registry provides, is one of several measures undertaken to protect the security of the business as well as their customers and their sensitive data.
How did CIRA’s IoT Registry help?
As a partner in the MedTech Accelerator program, CIRA contributed its IoT Registry technology and led technical sessions and one-on-one tutorials to help the start-up companies incorporate the Registry into their platforms.
For Dispension, CIRA’s IoT Registry is the perfect behind-the-scenes partner for its platform because it provides secure, zero-touch identity management for IoT deployments. The IoT Registry provides chip-to-cloud security that leverages CIRA’s trusted reputation as the operator of the .CA domain. It improves security and trust by giving each kiosk a hostname so Dispension can perform reverse nslookups or connect by SSH directly via a hostname rather than by some (potentially dynamic) IP. Dispension can now focus on what they do best, without worrying about developing appropriate security.
A Successful MVP Product
The L-SPARK MedTech Accelerator project was a real game-changer for Dispension and the other cohort members! Dispension was able to develop its network of automated kiosks, and CIRA was thrilled to have its IoT Registry play a role in the success of such a promising product.
CIRA’s IoT Registry offers a critical secure link between medical devices and monitoring. This project opens the door to an exciting opportunity to enhance the quality of health care by securely connecting patients and their healthcare providers.
As IoT devices become more common in healthcare environments, device security is now inextricably linked to patient health. Insecure IoT devices can cost more than personal information loss. We are proud to leverage our innovative IoT Registry solution as part of the L-SPARK MedTech initiative as we bring our decades of experience securing Canada’s internet to the internet-connected devices that will transform our healthcare system.
CTO, CIRA
Natasha D’Souza is the Product Manager for IoT Security at the Canadian Internet Registration Authority (CIRA), the national not-for-profit best known for managing the .CA domain and developing new cybersecurity, DNS, and registry services. Natasha is an engineer by training and an expert in product development and marketing. Her favourite challenge is to take concepts ‘from idea to product launch’ in the most impactful way possible for her organization and clients. Her latest project is an innovative framework to securely provision generic Internet of Things (IoT) devices. CIRA’s Secure IoT Registry will allow the world’s IoT devices to seamlessly and securely connect between any manufacturer, owner, service provider and network operator. You can learn more at www.cira.ca/IoT.
