User:Faiezfaizi/sandbox

Ensuring privacy and security in the healthcare IoT

It would be a truism to say that in healthcare, the Internet of Things oﬀers many beneﬁts, including the ability to monitor patients more closely. The focus on the consumer end, such as glucose meters, blood pressure cuﬀs, and other devices allows healthcare providers to automatically collect information and make decisions based on the data to ensure earlier intervention in the treatment process. However, medical companies do not always consider the security risks of connecting these devices to the internet.

What are the main vulnerabilities of the healthcare IoT? Connected devices in healthcare oﬀer many advantages, however, the same devices pose increased risks to both to privacy and security. Some possible risks include: • Attacks on other systems; • Risks to personal safety; • Privacy risks.

Privacy Issues 1. Risks of Patients’ Privacy Exposure The primary privacy issue is to keep the patient’s’ Personal Health Records confidential. A Personal Health Record (PHR) is “an individual electronic record of health-related information that conforms to the nationally recognized interoperability standards.” (Khan et al., 2009 ). PHRs are drawn from multiple sources and are reported directly to the e-health center directly. Containing personal information, they can become the target for cyber attacks ending in the exposure of private data.

2. Data Eavesdropping Generally, the health data of patients are available only to authorized caregivers. However, such data can be eavesdropped while flowing over the wireless links. For example, a popular IoT-based glucose monitoring and insulin delivery system utilizes wireless communication links, which are frequently used to launch privacy attacks and therefore needs sufficient protection of the transferred data.

3. Ownership of data Countries have laws to protect patient data but they may vary from state to state. Besides, in certain cases, such as in case with fitness wearables, many people would think that the data tracked and collected is be bound to be protected by legislation but in many cases it is not.

4. Location privacy Location privacy is concerned with eavesdropping on a patient’s location. Location privacy in WSNs, specifically hiding the message sender’s location, can be achieved through routing to a randomly selected intermediate node (RRIN)