299-Article Text-492-1-10-20160203.pdf


patients’ data, but not that of another doctor’s patients; Nurses or Personal Assistants: have access to the information of patients they are responsible for. Healthcare professionals may also have adequate resources to attack a system because they have access to it, but their attack skills may be low since they are unlikely to be IT experts.

(d) Informal Healthcare Assistants - friends, visitors and voluntary health workers have very limited access rights to the system (e.g. read-only access to some of the patients’ data). Their role is only that of patient assistants at the point of care, or supporting the remote supervision and follow-up of the patient based on information about the patient’s health status.

(e) Technical System Components - devices (e.g. sensors, actuators), applications and/or processes that act on behalf of the patient, for instance patient communication devices and medical devices.

3. Data Flow Diagrams (DFD): A DFD is a high-level way of disassembling the system, focusing on its functional components, and analyzing the flows of data through the system components [11]. A DFD makes it easier to identify threats, to follow and analyze the adversary’s data and commands throughout the system, and to identify which assets they interact with [10]. Figure 3 shows the DFD for the telehealth trial system, which was modeled with Microsoft threat modeling tools 2014.

4. Identifying Threats: Table 3 summarizes the identified threats, which are categorized according to the following types: authentication, authorization and access, privacy, as well as auditing and logging threats. For authentication threats, all possible threats related to user identity and login credentials that could enable others to gain access to the system are defined. The main concerns are loss (or theft) or sharing of user identities and login credentials, and authenticating patient devices.
Patients sharing their login credentials with friends, relatives and/or healthcare providers can lead to impacts such as identity misuse, tampering with patient data, or private information disclosure, among others. Potential damage is classified as low, medium or high, according to the distribution of the business functions and processes. For instance, if one patient’s login credentials were lost (or stolen), the impact would be low, because the damage would only affect one patient; but if a healthcare provider’s identity was stolen, the impact would be very high, because this may affect more than one patient. Moreover, patient device authentication is very important. When a patient’s communication device wants to communicate with the patient’s medical device, both devices must authenticate each other, and ensure that they are what/who they claim to be, and are not compromised by an attacker.
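The mutual device authentication requirement above can be illustrated with a challenge-response exchange. This is an added example, not taken from the paper or the trial system: it assumes a pre-shared pairing key, and the names `Device`, `mutual_authenticate`, `comm-hub` and `bp-sensor` are hypothetical.

```python
import hashlib
import hmac
import secrets

def _mac(key, prover, verifier, challenge, prover_nonce):
    # Length-prefix each field so field boundaries are unambiguous.
    fields = (prover, verifier, challenge, prover_nonce)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Device:
    """One end of the link; pairing_key is an assumed pre-shared secret."""
    def __init__(self, name, pairing_key):
        self.name, self.key, self.nonce = name.encode(), pairing_key, b""

    def challenge(self):
        self.nonce = secrets.token_bytes(16)  # fresh per session
        return self.nonce

    def prove(self, peer_name, peer_nonce):
        # Names in (prover, verifier) order bind the proof to a direction,
        # so a device's own proof cannot be reflected back at it.
        return _mac(self.key, self.name, peer_name, peer_nonce, self.nonce)

    def verify(self, peer_name, peer_nonce, tag):
        nonce, self.nonce = self.nonce, b""  # a challenge is single use
        if not nonce:
            return False
        expected = _mac(self.key, peer_name, self.name, nonce, peer_nonce)
        return hmac.compare_digest(expected, tag)

def mutual_authenticate(a, b):
    """Both sides challenge, both prove, and both must verify."""
    na, nb = a.challenge(), b.challenge()
    proof_a, proof_b = a.prove(b.name, nb), b.prove(a.name, na)
    return a.verify(b.name, nb, proof_b) and b.verify(a.name, na, proof_a)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample pairing key
    hub, sensor = Device("comm-hub", key), Device("bp-sensor", key)
    print(mutual_authenticate(hub, sensor))
    rogue = Device("bp-sensor", secrets.token_bytes(32))  # claims the name, lacks the key
    print(mutual_authenticate(hub, rogue))
```

A device that only claims the sensor's name fails because it cannot compute the proof without the pairing key, and a captured proof fails against any later challenge.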