Although there have been remarkable technological developments in healthcare, the privacy and security of mobile health systems (mHealth) still raise many concerns with considerable consequences for patients using these technologies. For instance, potential security and privacy threats in wireless devices, such as Wi-Fi and Bluetooth connected to a patient hub at the application, middleware and sensory layers, may result in the disclosure of private and sensitive data. This paper explores the security and privacy of the patient hub, including patient applications and their connections to sensors and cloud technology. Addressing the privacy and security concerns of the patient hub called for a comprehensive risk assessment by using the OCTAVE risk assessment framework. Findings reveal that the highest risk concerned data exposure at the sensory layer. In spite of the countermeasures presented in this paper, most served as a means to identify risk early as opposed to mitigating them. The findings can serve to inform users of the potential vulnerabilities in the patient hub before they arise.
References
[1]
Tewari, A. and Gupta, B. (2018) Security, Privacy and Trust of Different Layers in Internet-of-Things (IoTs) Framework. Future Generation Computer Systems.
https://doi.org/10.1016/j.future.2018.04.027
[2]
Roozbahani, F.S. and Azad, R. (2015) Security Solutions against Computer Networks Threats. International Journal of Advanced Networking and Applications, 7, 2576.
[3]
Philip, N., et al. (2014) Design of a RESTful Middleware to Enable a Web of Medical Things. EAI 4th International Conference on Wireless Mobile Communication and Healthcare, Athens, 2014, 361-364.
https://doi.org/10.4108/icst.mobihealth.2014.257408
[4]
Vaidya, R.V. and Trivedi, D.K. (2017) M-Health: A Complete Healthcare Solution. International Conference on Computing Methodologies and Communication, Erode, 18-19 July 2017, 556-561. https://doi.org/10.1109/ICCMC.2017.8282527
[5]
Radoglou Grammatikis, P.I., Sarigiannidis, P.G. and Moscholios, I.D. (2019) Securing the Internet of Things: Challenges, Threats and Solutions. Internet of Things, 5, 41-70. https://doi.org/10.1016/j.iot.2018.11.003
[6]
Faheem, K. and Rafique, K. (2015) Securing 4G/5G Wireless Networks. Computer Fraud & Security, 2015, 8-12. https://doi.org/10.1016/S1361-3723(15)30036-1
[7]
Whitman, M.E. and Mattord, H.J. (2014) Principles of Information Security. Cengage Learning, Boston.
[8]
Janeček, V. (2018) Ownership of Personal Data in the Internet of Things. Computer Law & Security Review, 34, 1039-1052. https://doi.org/10.1016/j.clsr.2018.04.007
[9]
Munos, B., et al. (2016) Mobile Health: The Power of Wearables, Sensors, and Apps to Transform Clinical Trials. Annals of the New York Academy of Sciences, 1375, 3-18. https://doi.org/10.1111/nyas.13117
[10]
Ali, M. (2019) Cloud Computing at a Cross Road: Quality and Risks in Higher Education. Advances in Internet of Things, 9, 33-49.
https://doi.org/10.4236/ait.2019.93003
[11]
Ali, M. (2019) The Barriers and Enablers of the Educational Cloud: A Doctoral Student Perspective. Open Journal of Business and Management, 7, 24.
https://doi.org/10.4236/ojbm.2019.71001
[12]
Ali, M.B. (2019) Multiple Perspective of Cloud Computing Adoption Determinants in Higher Education a Systematic Review. International Journal of Cloud Applications and Computing, 9, 89-109. https://doi.org/10.4018/IJCAC.2019070106
[13]
Mohammed Banu, A., Trevor, W.-H. and Mostafa, M. (2018) Benefits and Challenges of Cloud Computing Adoption and Usage in Higher Education: A Systematic Literature Review. International Journal of Enterprise Information Systems, 14, 64-77. https://doi.org/10.4018/IJEIS.2018100105
[14]
Gawali, S.K. and Deshmukh, M.K. (2019) Energy Autonomy in IoT Technologies. Energy Procedia, 156, 222-226. https://doi.org/10.1016/j.egypro.2018.11.132
[15]
Kaul, S.D. and Awasthi, A.K. (2013) RFID Authentication Protocol for Medication Safety of Patients. Journal of Medical Systems, 37, 9964.
https://doi.org/10.1007/s10916-013-9979-7
[16]
Medaglia, C.M. and Serbanati, A. (2010) An Overview of Privacy and Security Issues in the Internet of Things. In: The Internet of Things, Springer, Berlin, 389-395.
https://doi.org/10.1007/978-1-4419-1674-7_38
[17]
Atzori, L., Iera, A. and Morabito, G. (2010) The Internet of Things: A Survey. Computer Networks, 54, 2787-2805. https://doi.org/10.1016/j.comnet.2010.05.010
[18]
Jia, X., et al. (2012) RFID Technology and Its Applications in Internet of Things (IoT). 2nd International Conference on Consumer Electronics, Communications and Networks, Yichang, 21-23 April 2012, 1282-1285.
https://doi.org/10.1109/CECNet.2012.6201508
[19]
Zubaydi, F., et al. (2015) Security of Mobile Health (mHealth) Systems. 15th International Conference on Bioinformatics and Bioengineering, Belgrade, 2-4 November 2015, 1-5. https://doi.org/10.1109/BIBE.2015.7367689
[20]
Triantafyllidis, A.K., et al. (2016) Framework of Sensor-Based Monitoring for Pervasive Patient Care. Healthcare Technology Letters, 3, 153-158.
https://doi.org/10.1049/htl.2016.0017
[21]
Kearns, G.S. (2016) Countering Mobile Device Threats: A Mobile Device Security Model. Journal of Forensic & Investigative Accounting, 8, 36-48.
[22]
Chen, S.-L., Chen, Y.-Y. and Hsu, C. (2014) A New Approach to Integrate Internet-of-Things and Software-as-a-Service Model for Logistic Systems: A Case Study. Sensors, 14, 6144-6164. https://doi.org/10.3390/s140406144
[23]
Nayak, U. and Rao, U.H. (2014) The InfoSec Handbook: An Introduction to Information Security. Apress, New York.
[24]
Kumar, G. (2016) Network Security Attacks and Countermeasures. IGI Global, Hershey.
[25]
Larrucea, X., Santamaria, I. and Colomo-Palacios, R. (2019) Assessing Source Code Vulnerabilities in a Cloud-Based System for Health Systems: OpenNCP. IET Software, 13, 195-202. https://doi.org/10.1049/iet-sen.2018.5294
[26]
Ali, M.B., Wood-Harper, T. and Ramlogan, R. (2020) A Framework Strategy to Overcome Trust Issues on Cloud Computing Adoption in Higher Education. In: Modern Principles, Practices, and Algorithms for Cloud Security, IGI Global, Hershey, 162-183. https://doi.org/10.4018/978-1-7998-1082-7.ch008
Bays, L.R., et al. (2015) Virtual Network Security: Threats, Countermeasures, and Challenges. Journal of Internet Services and Applications, 6, Article No. 1.
https://doi.org/10.1186/s13174-014-0015-z
[29]
Naveed, M., et al. (2014) Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android. ISOC Network and Distributed Computing Security, San Diego, 23-26 February 2014, 1-14.
https://doi.org/10.14722/ndss.2014.23097
[30]
Calder, A. and Watkins, S. (2010) Threats and Vulnerabilities. In: Calder, A. and Watkins, S.G., Eds., Information Security Risk Management for ISO27001/ISO 27002, IT Governance Publishing, Cambridgeshire, 110-117.
[31]
Calder, A. and Watkins, S.G. (2010) Information Security Risk Management for ISO27001/ISO27002. IT Governance Ltd., Cambridgeshire.
[32]
Talabis, M. and Martin, J. (2012) Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis. Syngress, Rockland. https://doi.org/10.1016/B978-1-59-749735-0.00004-X
[33]
Mahopo, B., Abdullah, H. and Mujinga, M. (2015) A Formal Qualitative Risk Management Approach for IT Security. Information Security for South Africa, Johannesburg, 12-13 August 2015, 1-8. https://doi.org/10.1109/ISSA.2015.7335053
