Security and Privacy Challenges in Healthcare

Permanent URI for this collection

Browse

Recent Submissions

Now showing 1 - 5 of 5
  • Item
    A Bleeding Digital Heart: Identifying Residual Data Generation from Smartphone Applications Interacting with Medical Devices
    (2019-01-08) Grispos, George; Glisson, William; Cooper, Peter
    The integration of medical devices in everyday life prompts the idea that these devices will increasingly have evidential value in civil and criminal proceedings. However, the investigation of these devices presents new challenges for the digital forensics community. Previous research has shown that mobile devices provide investigators with a wealth of information. Hence, mobile devices that are used within medical environments potentially provide an avenue for investigating and analyzing digital evidence from such devices. The research contribution of this paper is twofold. First, it provides an empirical analysis of the viability of using information from smartphone applications developed to complement a medical device, as digital evidence. Second, it includes documentation on the artifacts that are potentially useful in a digital forensics investigation of smartphone applications that interact with medical devices.
  • Item
    No Risk, More Fun! Automating Breach of Confidentiality Risk Assessment for Android Mobile Health Applications
    (2019-01-08) Brüggemann, Thomas; Dehling, Tobias; Sunyaev, Ali
    With the rapidly rising number of mobile health (mHealth) applications (apps), it is unfeasible to manually review mHealth apps for information privacy risks. One salient information privacy risk of mHealth apps are confidentiality breaches. We explore whether and how static code analysis is a feasible technology for app review automation. Evaluation of our research prototype shows that, on average, our prototype detected one breach of confidentiality risk more than human reviewers. Contributions are the demonstration that static code analysis is a feasible technology for detection of confidentiality breaches in mHealth apps, the derivation of eight generic design patterns for confidentiality breach risk assessments, and the identification of architectural challenges that need to be resolved for wide-spread dissemination of breach of confidentiality risk assessment tools. In terms of effectiveness, humans still outperform computers. However, we build a foundation for leveraging computation power to scale up breach of confidentiality risk assessments.
  • Item
    The Impact of Persuasive Messages on the Disclosure of Personal Health Information
    (2019-01-08) Becker, Moritz; Matt, Christian
    Individuals’ disclosure of personal health information (PHI) holds substantial benefits for providers, but users are often reluctant to disclose. While providers can employ persuasive messages, little is known about their effects in the sensitive context of PHI disclosure. To address this research gap, we conduct a web-based experiment with 529 non-users of health wearables (HWs) to examine the influences of persuasive messages (attribute framing and argument strength) on individuals’ PHI disclosure. We reveal that individuals tend to disclose more PHI when they experience persuasive messages with more positively framed HW attributes or messages with higher argument strength concerning data collection. We enable researchers to uncover the impact of persuasive messages in highly sensitive data environments and provide practitioners with workable suggestions to have individuals disclose more PHI.
  • Item
    A Novel Privacy Preserving Search Technique for Stego Data in Untrusted Cloud
    (2019-01-08) Rahman, Mohammad Saidur; Khalil, Ibrahim; Yi, Xun; Gu, Tao
    We propose the first privacy preserving search technique for stego health data in untrusted cloud in this paper. The Cloud computing is a popular technology to the healthcare providers for outsourcing health data due to flexibility and cost effectiveness. However, outsourcing health data to the cloud introduces serious privacy issues to the patient. For example, dishonest personnel of the cloud provider may disclose patient sensitive information to business organizations for some financial benefits. Using steganography, patient sensitive information is hidden within health data for privacy preservation. As a result, stego health data is generated. To the best of our knowledge, no method exists for searching a particular stego data without disclosing any information to the cloud. We propose a framework for privacy preserving search over stego health data. We systematically describe each component of the proposed framework. We conduct several experiments to evaluate the performance of the framework.