1 - 4 of 4
ItemTowards Privacy-Aware Research and Development in Wearable Health( 2017-01-04)Wearable sensor technology has the potential to transform healthcare. The investigation and testing of sensors in the commercial sector offer insight into ways to leverage biometric data, to improve individual health through the better products and to advance the public good through research. \ \ However, research with wearable sensor data must be done in a manner that is respectful of ethical considerations and privacy. Not only will the processes that govern this research define the potential public good derived from wearables, they will encourage user trust in wearables and promote participation. The research and development (R&D) teams at companies are not just engines of innovation but also have the potential to be an important part of our social infrastructure. The Center for Democracy & Technology (CDT) embarked on a yearlong partnership with Fitbit. CDT gained rare access to the company’s data policies and practices to build recommendations on privacy and ethics. \
ItemAttack-Graph Threat Modeling Assessment of Ambulatory Medical Devices( 2017-01-04)The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient’s vital signs. This integration creates environments that are conducive to malicious activities. The potential impact presents new challenges for the medical community. \ \ Hence, this research presents attack graph modeling as a viable solution to identifying vulnerabilities, assessing risk, and forming mitigation strategies to defend ambulatory medical devices from attackers. Common and frequent vulnerabilities and attack strategies related to the various aspects of ambulatory devices, including Bluetooth enabled sensors and Android applications are identified in the literature. Based on this analysis, this research presents an attack graph modeling example on a theoretical device that highlights vulnerabilities and mitigation strategies to consider when designing ambulatory devices with similar components. \
ItemA Framework for Evaluating the Tension between Sharing and Protecting Health Information( 2017-01-04)Health information exchange (HIE) is expected to improve the quality and cost of healthcare but sustained use of HIE by providers has been difficult to achieve. A number of factors play a role in that process including concern for the security and privacy of the exchanged information. This tension between the expected benefits of HIE resulting from collaboration and information sharing on the one hand, and the potential security risks inherent in the exchange process on the other hand, is not well understood. We propose an information security control theory to explain this tension. We evaluate this theory through a case study of the iterative development of the information security policy for an HIE in the western United States. We find that the theory offers a good framework through which to understand the information security policy development process.