Pulivarti, R.
, Littlefield, K.
, Wang, S.
, Patrick, B.
and Williams, R.
(2025),
Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration, NIST Cybersecurity White Papers (CSWP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.34, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=960257
(Accessed December 18, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration
Published
Author(s)
, Kevin Littlefield, Sue Wang, Bronwyn Patrick, Ryan Williams
Abstract
In-patient service demands have increased during a time when patients have experienced reduced access to hospital care. Hospital-at-Home (HaH) solutions provide an in-patient care experience for patients, which may result in reduced costs and improved outcomes. While these are desirable benefits, HaH involves privacy and cybersecurity risk by introducing medical device-grade equipment and information systems into environments the hospital does not control, i.e., the patient's home. Patient homes may include a growing number of Internet of Things (IoT) devices as part of their "smart home" environment. IoT devices may not provide capabilities that support commonly accepted privacy and security practices and may be used as pivot points in a hospital's information system environment. This paper examines privacy and cybersecurity risks found in HaH deployments when using smart speakers as a representative IoT device and provides recommended steps to address those risks. This paper describes applying controls that include access control, authentication, continuous monitoring, data security, governance, and network segmentation. These practices include steps that the hospital can take to segment HaH equipment and data from other personally owned devices in the patient's home and implement phishing-resistant authentication. Personally owned devices may be prone to compromise and would affect healthcare systems without appropriate segmentation. Also, voice-enabled technologies may be prone to identity spoofing or permitting unauthorized individuals to access HaH equipment or health information.Citation
NIST Cybersecurity White Papers (CSWP) - 34
Report Number
34
Pub Type
NIST Pubs
Download Paper
Keywords
Application Programming Interface, API, biometric devices, cybersecurity, data privacy, data privacy and security risks, healthcare delivery organization, HDO, Hospital-at-Home, HaH, monitoring, Internet of Things, IoT, smart home, telehealth, voice assistant.
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created December 17, 2025