Healthcare
Internet of Things
Risk Management
Cyber Resilience

Nexus Podcast: Florence Hudson on the IEEE/UL 2933 Clinical IOT Cybersecurity Standard

Michael Mimoso / Apr 1, 2025


The prevalence of connected clinical IoT devices such as wearable patient monitoring systems that measure and report on anything from glucose levels to heart rates means there’s a level of maturity to these deployments. 

While these devices are crucial to optimal patient care, their maturity doesn’t necessarily include cybersecurity. Many of these devices lack security features such as authentication and data protection, or were not designed with them in mind.

This has brought forward a call for security and interoperability standards such as the IEEE/UL 2933 Standard and Framework for Clinical IoT Data and Device Interoperability with TIPPSS. Approved in September 2024, it serves as a framework based on the TIPPSS (trust, identity, privacy, protection, safety, and security) principles in order to improve and secure data exchanges between devices.

On this episode of the Nexus Podcast, Florence Hudson, the standard’s working group chair and founder and CEO of FDHint, described how the standard was born, who was involved, and what the ultimate goal is for adoption. 

“We started this whole effort in 2015, to give you a feel for how long it takes to develop some of these standards,” Hudson explained, recalling discussions with peers about a lack of end-to-end security and trust in an increasingly connected world as IoT emerged as an enterprise technology.

“We started talking about the challenges and all the places that we have to worry about this: connected vehicles, supply chain, water systems, smart grids, healthcare,” Hudson said. “We said, ‘Let's do healthcare first because if you hack an implanted medical device, you could immediately kill a human. So that has an immediate value proposition. And then our vision was to bring TIPPSS across all the cyber physical systems. So we did some initial work and then started the working group in 2019.”

The TIPPSS principles are key here; they establish a framework for trust between devices as they relay private patient information between devices and centralized systems. Devices built according to the standard aim for security and resilience, and must meet and maintain a security baseline anchored on a risk-based approach that includes secure development principles. 

Other security foundations are accounted for, including the protection of data in transit, secure end-to-end communications, vulnerability management, integration with other facets of the cybersecurity ecosystem, and event handling.

“I want (the standard) to be in the fabric of what we do in connected healthcare and eventually in all other domains too, like the smart grid with programmable logic controllers, all the way down to the critical pieces of the system,” Hudson said, adding that her working group is essentially in an advocacy phase now, trying to bring awareness of the standard to OEMs, CISOs, others in the C-suite, developers, chipmakers, and more. “We really want to see everyone be aware of it. We want it to be a part of the culture.”


Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.
