Cybersecurity considerations within eHealth of a home digital eco-system


The digital ecosystem includes all sectors of activity in which the user through a smartphone, and connected objects, that is to say capable, in addition to their main function, to send or receive information via a telecommunication network which allows to extend or diversify the functions of the smartphone and the object. eHealth includes the application of ICT (information and communications technologies) across the whole range of functions that affect the health sector. eHealth systems include tools for health authorities and professionals, from national to international, from the doctor to the hospital manager, nurses, data processing specialists, social security administrators and patients, as well as personalized health systems for individuals and community. This blog post focuses on eHealth within an individual's own home and local community and the cybersecurity considerations that are needed to protect their data and devices from attack by malicious actors.

Use Case

The eHealth digital ecosystem use case examines what is needed to enable home users with medical disabilities and/or old-age impairments with the aim to achieve independent living. This use case shares elements with the home and workplace digital ecosystem. The services include remote monitoring of health by doctors and automatic response with emergency services in case of accidents. Also, the scheduling of care nurses or helpers between clients and care organizations. If the home user is living by themselves, they are able to make use of smart-assistants similar to Amazons Alexa, Apple’s Siri, Google Home and Microsoft Cortana to aid in their day-to-day activities. This use case builds upon earlier ETSI eHealth work in order to develop the use case. The home users are not limited to the elderly, for example, users with psychical disabilities share the same elements. They both make use of devices and tools for accessibility. As well, users with cognitive disabilities fit within this use case. By allowing better user interaction with devices and applications with a focus on UX experience and accessibility. For example, greater use of voice interaction instead of touch/button interfaces.

Start of day:
Begins with the daily rituals of the end-user. They use their chosen devices to aid in getting up and organising activities for the day.
They can be live in, a single visitor, or a revolving number of carers through the day or week. They can help to ensure that the end-user take their daily prescriptions and medicines. These can also be reminders that can be given by a smart device. They can also perform rehabilitation and exercises which are often vital to maintaining health. This is helped by devices that measure activity and status of heart rate/blood pressure/sugar levels etc. Which carers, nurse and doctors can use to track health over a period of time. 
If scheduled medical check-ups and appointments: 
Reminders can come through phone/tablet/watch. The appointment is carried out by a nurse and/or doctor who provide treatment, diagnosis and ensure the well-being of the patient. 
Role of the nurse is to give healthcare services to communities, families and individuals through communication, decision making, teaching and management of care services. So they may attain, maintain, or recover optimal health and quality of life.
Role of Doctor is concerned with promoting, maintaining, or restoring health through the study, diagnosis, and treatment of disease, injury, and other physical and mental impairments.
Feedback – can be as often or as little as required. With it either being Scheduled or only when circumstances change for the end-user.
Civic organisations have to be able to provide resources and help that is appropriate to the requirements of the user. Informed through tests and advice from GPs. 
Medical organisations assess whether the user needs to change the rehabilitation and/prescriptions for the user require to maintain their health which is a key part of independent living. 
End of day:
Daily rituals of end-user: Set prompts and reminders on devices for the next day. Carry out nighttime activities.

User Needed Resources;
·     Medical devices, household assistant devices, monitoring devices (security/visual aids)
·     Smart/virtual assistant – a software and/or device agent that perform tasks or services for an individual.
·     Personal equipment and/or household assistant devices.
·     Computers/tablet/smartphone.
·     Networks – telecommunications/internet
·     Civic/Medical applications for scheduling appointments, carrying out office work and data storage management.

The traditional definition of cybersecurity refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. As part of this blog post (and will be explored in future posts), this has been expanded to include the protection of people (i.e the human user) and how they can be protected through education and awareness and proactive use of technology to target threats.

Type of threats:

  • Traditional malware.
  • Unauthorised access/hacking.
  • Social engineering.
  • Phishing.
  • zero-day exploits of devices and software.

Actions to protect against the threats:

  • Best Security Practise
    • Anti-malware software
    • Firewalls
    • Access control (passwords/pins)
    • Update of patches, software and firmware.
    • Encryption
  • Educate end-users and regular reminders and prompts and about threats and best security practices. 
  • Regularly Alerts about new and ongoing phishing attacks or social engineering attacks in general.
  • Device manufactures following secure by default guidelines and certification. 
  • Internet connections through the IPS set-up automatic safe lists to better block unsafe sites and general improve safe browsing. 
The discussion surrounding cybersecurity and its implementation has come into focus again with the recent arrival of GDPR. While GDPR focuses on privacy and data controls it has led to companies and services to assess and improve their cybersecurity toolsets because there is greater emphasis on the protection of data from misuse from malicious actors within GDPR. This meant companies and services have to look at what methods they need to use to protect data, software and devices but also inform the end-user of the need to be aware and vigilant when it comes to cybersecurity to minimise the risks of a successful attack. This should lead to an environment where the risk of a successful cyber attack happens is lesser than at this moment in time. 


Popular posts

Balancing functionality, usability and security in design

Personal Interest - Unbuilt fleets of the Royal Navy

Personal Interest - RAF Unbuilt Projects