A Proxy-Based Solution for Asynchronous Telemedical Systems

A Proxy-Based Solution for Asynchronous Telemedical Systems

Sampsa Rauti (University of Turku, Turku, Finland), Janne Lahtiranta (University of Turku, Turku, Finland), Heidi Parisod (University of Turku, Turku, Finland), Sami Hyrynsalmi (Tampere University of Technology, Pori, Finland), Sanna Salanterä (University of Turku, Turku, Finland), Minna Elisabeth Aromaa (University of Turku, Turku, Finland), Jouni Smed (University of Turku, Turku, Finland) and Ville Leppänen (Department of Information Technology, University of Turku, Turku, Finland)
Copyright: © 2017 |Pages: 14
DOI: 10.4018/IJEHMC.2017070105
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Asynchronous telemedicine systems face many challenges related to information security as the patient's sensitive information and data on medicine dosage is transmitted over a network when monitoring patients and controlling asynchronous telemedical IoT devices. This information may be modified or spied on by a malicious adversary. To make asynchronous telemedicine systems more secure, the authors present a proxy-based solution against data modification and spying attacks in web-based telemedical applications. By obfuscating the executable code of a web application and by continuously dynamically changing obfuscation, the authors' solution makes it more difficult for a piece of malware to attack its target. They use a constructive research approach. They characterize the threat and present an outline of a proposed solution. The benefits and limitations of the proposed solution are discussed. Cyber-attacks targeted at the information related to patient's care are a serious threat in today's telemedicine. If disregarded, these attacks have negative implications on patient safety and quality of care.
Article Preview

Introduction

The field of health care is changing. Prevailing socioeconomic factors, such as ageing societies and global economy, have forced health service providers to re-think service provisioning mechanisms. The current approach to service provisioning, which is based mainly on face-to-face contact alone in fixed health facilities (e.g. health care centers, hospitals, etc.), is becoming obsolete and too expensive to maintain. Moreover, there is growing pressure for increasing homecare and home-based services for elderly population that support their independence and living at home (Ministry of Environment of Finland, 2013). Even though in the ongoing economic crisis there was a significant drop in health expenditure on a global scale in 2009, the health spending has edged up again in 2013 (OECD, 2015, p. 1). At that time, health spending (excl. investment) as a share of GDP was on average 8.9% in the OECD countries (OECD, 2015, pp. 2).

It has been stated that technology is one of the key strategies that offers new solutions for promoting elderlies living at home (Ministry of Environment of Finland, 2013). In addition of being economically feasible, these new service provisioning mechanisms should also be of high quality, emphasizing aspects such high end-user satisfaction, patient safety and efficiency of care. Even though the benefits of technology are not always clear-cut (cf. Buntin et al., 2011, p. 467), technology is often regarded as a key enabler when these mechanisms are devised. One of the reasons for this viewpoint is the ‘extended reach’. Technology brings health services outside confines of a health facility, to homes, offices and even shopping centers (Haq, 2008; Wunker, 2013).

An umbrella term depicting this extension via technology is telemedicine. The term and others parallel to it, such as telehealth, are primarily used in the context of providing health care services (and medical education) from one geographical location to another (Sood et al., 2007, p. 576). It is a modality and a multidisciplinary tool in medicine (Sood et al., 2007, p. 573) that highlights the role of technology and communication networks in the service delivery.

Today, the telemedicine industry as a whole is looking into Internet of Things (IoT) which offers new ways to increase efficiency and engage patients in their care. IoT is a generic technological term depicting how different physical objects are brought to the interconnected world in a way that was impossible, or at least unfeasible, only few years ago.

While the technology holds a promise of greater scalability and device interoperability, there are also inherent security and privacy risks. There have been over 1400 large breaches of protected health information since 2009 (Berger, 2016). At the moment, less than half of the business associates in health care sector agree that they have sufficient technologies to detect and fend off cyber-attacks (Ponemon, 2016). Ponemon Institute also estimates security issues could be costing the industry more than 6 billion dollars and nearly 90 percent of the health care organizations studied had experienced security breaches (Ponemon, 2016). To respond quickly to the security problems, health care organizations and telemedicine industry need to start taking security more seriously.

In this paper, our focus is on security risks related to IoT devices in the field of health care. We use medication dispensers as an example that can be accessed and operated remotely via Internet. It is in our view that these kinds of devices are in a risk of specific attack type, namely man-in-the-middle attacks (MitM) where the malicious attacker intercepts, relays, and potentially falsifies asynchronous messages sent between the intended parties (Rauti & Leppänen, 2012). To mitigate these kinds of security threats, we propose a proxy-based security solution that employs dynamic obfuscation (cf. Yubo et al., 2015, p. 3). We argue that this solution, when employed on the web application’s source code, makes performing successful undetected MitM attacks significantly more difficult.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2019): Forthcoming, Available for Pre-Order
Volume 9: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing