1 - 3 of 3
ItemMedDevRisk: Risk Analysis Methodology for Networked Medical Devices( 2018-01-03)The prolific integration of technology into medical environments is continuously generating new attack vectors. This continuous amalgamation of technology into the medical field prompted the idea that risk assessment models can be utilized to identify cyber security vulnerabilities in medical settings. This research presents an initial investigation into the application of risk assessment frame works, i.e., STRIDE, Common Vulnerabilities and Exposures, and a Common Vulnerability Scoring System to identified networked medical devices that are currently employed in an operational medical simulation lab. The contribution of this research is twofold and culminates in a novel proof-of-concept system known as MedDevRisk. First, it demonstrates an approach to incorporating existing threat models into a relational database schema based on Threat-Vulnerability-Asset (TVA) relationships. Second, it provides an initial empirical analysis of the risk associated with networked medical devices along with providing the foundation for future research.
ItemUnderstanding Users’ Health Information Privacy Concerns for Health Wearables( 2018-01-03)Health information privacy concerns (HIPC) are commonly cited as primary barrier to the ongoing growth of health wearables (HW) for private users. However, little is known about the driving factors of HIPC and the nature of users’ privacy perception. Seven semi-structured focus groups with current users of HWs were conducted to empirically explore factors driving users’ HIPC. Based on an iterative thematic analysis approach, where the interview codes were systematically matched with literature, I develop a thematic map that visualizes the privacy perception of HW users. In particular this map uncovers three central factors (Dilemma of Forced Acceptance, State-Trait Data Sensitivity and Transparency) on HIPC, which HW users have to deal with.