Article Preview
TopIntroduction
The field of health care is changing. Prevailing socioeconomic factors, such as ageing societies and global economy, have forced health service providers to re-think service provisioning mechanisms. The current approach to service provisioning, which is based mainly on face-to-face contact alone in fixed health facilities (e.g. health care centers, hospitals, etc.), is becoming obsolete and too expensive to maintain. Moreover, there is growing pressure for increasing homecare and home-based services for elderly population that support their independence and living at home (Ministry of Environment of Finland, 2013). Even though in the ongoing economic crisis there was a significant drop in health expenditure on a global scale in 2009, the health spending has edged up again in 2013 (OECD, 2015, p. 1). At that time, health spending (excl. investment) as a share of GDP was on average 8.9% in the OECD countries (OECD, 2015, pp. 2).
It has been stated that technology is one of the key strategies that offers new solutions for promoting elderlies living at home (Ministry of Environment of Finland, 2013). In addition of being economically feasible, these new service provisioning mechanisms should also be of high quality, emphasizing aspects such high end-user satisfaction, patient safety and efficiency of care. Even though the benefits of technology are not always clear-cut (cf. Buntin et al., 2011, p. 467), technology is often regarded as a key enabler when these mechanisms are devised. One of the reasons for this viewpoint is the ‘extended reach’. Technology brings health services outside confines of a health facility, to homes, offices and even shopping centers (Haq, 2008; Wunker, 2013).
An umbrella term depicting this extension via technology is telemedicine. The term and others parallel to it, such as telehealth, are primarily used in the context of providing health care services (and medical education) from one geographical location to another (Sood et al., 2007, p. 576). It is a modality and a multidisciplinary tool in medicine (Sood et al., 2007, p. 573) that highlights the role of technology and communication networks in the service delivery.
Today, the telemedicine industry as a whole is looking into Internet of Things (IoT) which offers new ways to increase efficiency and engage patients in their care. IoT is a generic technological term depicting how different physical objects are brought to the interconnected world in a way that was impossible, or at least unfeasible, only few years ago.
While the technology holds a promise of greater scalability and device interoperability, there are also inherent security and privacy risks. There have been over 1400 large breaches of protected health information since 2009 (Berger, 2016). At the moment, less than half of the business associates in health care sector agree that they have sufficient technologies to detect and fend off cyber-attacks (Ponemon, 2016). Ponemon Institute also estimates security issues could be costing the industry more than 6 billion dollars and nearly 90 percent of the health care organizations studied had experienced security breaches (Ponemon, 2016). To respond quickly to the security problems, health care organizations and telemedicine industry need to start taking security more seriously.
In this paper, our focus is on security risks related to IoT devices in the field of health care. We use medication dispensers as an example that can be accessed and operated remotely via Internet. It is in our view that these kinds of devices are in a risk of specific attack type, namely man-in-the-middle attacks (MitM) where the malicious attacker intercepts, relays, and potentially falsifies asynchronous messages sent between the intended parties (Rauti & Leppänen, 2012). To mitigate these kinds of security threats, we propose a proxy-based security solution that employs dynamic obfuscation (cf. Yubo et al., 2015, p. 3). We argue that this solution, when employed on the web application’s source code, makes performing successful undetected MitM attacks significantly more difficult.