Cybersecurity considerations within eHealth of a home digital eco-system

Introduction

The digital ecosystem includes all sectors of activity in which the user through a smartphone, and connected objects, that is to say capable, in addition to their main function, to send or receive information via a telecommunication network which allows to extend or diversify the functions of the smartphone and the object. eHealth includes the application of ICT (information and communications technologies) across the whole range of functions that affect the health sector. eHealth systems include tools for health authorities and professionals, from national to international, from the doctor to the hospital manager, nurses, data processing specialists, social security administrators and patients, as well as personalized health systems for individuals and community. This blog post focuses on eHealth within an individual's own home and local community and the cybersecurity considerations that are needed to protect their data and devices from attack by malicious actors.


Use Case
The eHealth digital ecosystem use case examines what is needed to enable home users with medical disabilities and/or old-age impairments with the aim to achieve independent living. This use case shares elements with the home and workplace digital ecosystem. The services include remote monitoring of health by doctors and automatic response with emergency services in case of accidents. Also, the scheduling of care nurses or helpers between clients and care organizations. If the home user is living by themselves, they are able to make use of smart-assistants similar to Amazons Alexa, Apple’s Siri, Google Home and Microsoft Cortana to aid in their day-to-day activities. This use case builds upon earlier ETSI eHealth work in order to develop the use case. The home users are not limited to the elderly, for example, users with psychical disabilities share the same elements. They both make use of devices and tools for accessibility. As well, users with cognitive disabilities fit within this use case. By allowing better user interaction with devices and applications with a focus on UX experience and accessibility. For example, greater use of voice interaction instead of touch/button interfaces.






Start of day:
Begins with the daily rituals of the end-user. They use their chosen devices to aid in getting up and organising activities for the day.
Caregiver: 
They can be live in, a single visitor, or a revolving number of carers through the day or week. They can help to ensure that the end-user take their daily prescriptions and medicines. These can also be reminders that can be given by a smart device. They can also perform rehabilitation and exercises which are often vital to maintaining health. This is helped by devices that measure activity and status of heart rate/blood pressure/sugar levels etc. Which carers, nurse and doctors can use to track health over a period of time. 
If scheduled medical check-ups and appointments: 
Reminders can come through phone/tablet/watch. The appointment is carried out by a nurse and/or doctor who provide treatment, diagnosis and ensure the well-being of the patient. 
Role of the nurse is to give healthcare services to communities, families and individuals through communication, decision making, teaching and management of care services. So they may attain, maintain, or recover optimal health and quality of life.
Role of Doctor is concerned with promoting, maintaining, or restoring health through the study, diagnosis, and treatment of disease, injury, and other physical and mental impairments.
Feedback – can be as often or as little as required. With it either being Scheduled or only when circumstances change for the end-user.
Civic organisations have to be able to provide resources and help that is appropriate to the requirements of the user. Informed through tests and advice from GPs. 
Medical organisations assess whether the user needs to change the rehabilitation and/prescriptions for the user require to maintain their health which is a key part of independent living. 
End of day:
Daily rituals of end-user: Set prompts and reminders on devices for the next day. Carry out nighttime activities.

User Needed Resources;
·     Medical devices, household assistant devices, monitoring devices (security/visual aids)
·     Smart/virtual assistant – a software and/or device agent that perform tasks or services for an individual.
·     Personal equipment and/or household assistant devices.
·     Computers/tablet/smartphone.
·     Networks – telecommunications/internet
·     Civic/Medical applications for scheduling appointments, carrying out office work and data storage management.



 Cybersecurity
The traditional definition of cybersecurity refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. As part of this blog post (and will be explored in future posts), this has been expanded to include the protection of people (i.e the human user) and how they can be protected through education and awareness and proactive use of technology to target threats.

 Type of threats:

  • Traditional malware.
  • Unauthorised access/hacking.
  • Social engineering.
  • Phishing.
  • zero-day exploits of devices and software.


Actions to protect against the threats:

  • Best Security Practise
    • Anti-malware software
    • Firewalls
    • Access control (passwords/pins)
    • Update of patches, software and firmware.
    • Encryption
  • Educate end-users and regular reminders and prompts and about threats and best security practices. 
  • Regularly Alerts about new and ongoing phishing attacks or social engineering attacks in general.
  • Device manufactures following secure by default guidelines and certification. 
  • Internet connections through the IPS set-up automatic safe lists to better block unsafe sites and general improve safe browsing. 
The discussion surrounding cybersecurity and its implementation has come into focus again with the recent arrival of GDPR. While GDPR focuses on privacy and data controls it has led to companies and services to assess and improve their cybersecurity toolsets because there is greater emphasis on the protection of data from misuse from malicious actors within GDPR. This meant companies and services have to look at what methods they need to use to protect data, software and devices but also inform the end-user of the need to be aware and vigilant when it comes to cybersecurity to minimise the risks of a successful attack. This should lead to an environment where the risk of a successful cyber attack happens is lesser than at this moment in time. 

Comments

Post a Comment

Popular posts

Balancing functionality, usability and security in design

Image
Introduction When designing new devices or applications there is a requirement nowadays to consider there functionality, usability and security. While there has been a push through secure-by-design guidelines for security to be built-in from the beginning there are still gaps in implementation and part of these gaps are design considerations of functionality and usability. Part of this that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. Though achieving this balance is admittedly not straightforward. This blog post will aim to look at this triad and how they can be balanced and not compromise each other. Defining the Triad in design A triangle can be used to help explain the relationship between the concepts of security, functionality and ea
Read more

Personal Interest - Unbuilt fleets of the Royal Navy

Image
Introduction Throughout the 20th Century the Royal Navy designed and examined different types of fleets that were never realised either due to budget constraints, arms treaties or the changing nature of war. These are only a few examples of the different types of unbuilt fleets. Some of these had prototypes built and tasted for the Royal Navy which would serve as technological testbeds. Images and info from secret projects forum, shipbucket, popular mechanics/science and naval-matters. Washington Naval Treaty (WNT) The  Washington Naval Treaty  was a treaty signed during 1922 among the major nations that had won  World War I , which agreed to prevent an  arms race  by limiting naval construction. It was negotiated at the  Washington Naval Conference , held in  Washington, D.C. , from November 1921 to February 1922, and it was signed by the governments of the United Kingdom, the United States, France, Italy, and Japan. It limited the construction of  battleships ,  battlecruisers
Read more

Personal Interest - RAF Unbuilt Projects

Image
  Introduction This blog post looks at the different groups of cancelled RAF projects. It will focus on the 50s, 60s, 90s/00s and a brief look at hypersonic research projects. While these projects were often cut or cancelled for budget or austerity reasons, they were also pushed by the changing nature of warfare firstly from conventional style WW2 warfare to the predicated quick, short scale nuclear war which was expected from 1947 to 1989. Later from the 90s and into the 21st Century a change from state on state conflict to facing insurgencies, counter-terrorism and peacekeeping missions again led to a change in how wars are fought. Though the work and research done on these projects would rarely go to waste with it being used and applied in other projects and works even if sometimes it could take another ten or twenty years before anything operational came of that work. There won't be large amounts of text explaining or exploring the designs there are far better sources for th
Read more