Abstract
Worldwide, vulnerabilities and weak security strategies in healthcare organizations are exploited every day by adversaries. Healthcare is targeted because these crimes are high-reward and low-risk. The attacks differ every time, from hacking medical devices, such as sensors, to stealing patients’ data from electronic health record databases. The effects of these attacks are both short- and long-lived, depending on the incident handling process that each sector adopts. The Covid-19 pandemic has fully exposed that healthcare systems are vulnerable and vastly unprotected, which represents a threat to global public health. Living Labs, which are community-based and adopt co-creation as their primary approach, are an important part of the healthcare ecosystem for the development and validation of innovative tools and methodologies. Because of the many stakeholders involved in the processes of the Living Labs, cybersecurity ought to be at their center. Despite the proven importance of the Living Labs as part of healthcare, there is no research on the security and privacy issues around them. The main purpose of this paper is to explore the supply chain of a Living Lab and identify its security and privacy challenges along with its vulnerabilities. The SecTro tool has been used to provide a thorough analysis that follows the Privacy-by-Design approach. The originality and novelty of our work lie in: (i) moving one step further from desk studies by including requirements from citizens and professionals; (ii) being integrated into an effort by various researchers to supply a holistic approach to Data Privacy Governance; (iii) being the first paper to consider and analyse the supply chain of the Living Labs.
Original language | English |
---|---|
Pages (from-to) | 147-182 |
Number of pages | 36 |
Journal | Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications |
Volume | 13 |
Issue number | 2 |
DOIs | |
Publication status | Published - 30 Jun 2022 |
Bibliographical note
Funding Information:
Kitty Kioskli has received a B.Sc. in Social Anthropology from Panteion University, an M.Sc. in Health Psychology from City, University of London, and a Ph.D. in Health Psychology from King’s College London. Her PhD was fully funded under a nationally competitive fellowship from Diabetes UK. Currently, Dr Kioskli is working as a Research Fellow at the University of Essex and as a Project Manager at Gruppo Maggioli. She has also co-founded trustilio B.V., a start-up consultancy providing services in cybersecurity, behaviour-change, business and research innovation, where she acts as the CEO. Her research interests lie in the areas of cybersecurity, digital health, behaviour change, psychosocial and human factors. She is the author of a number of high-impact peer-reviewed publications, has presented at several national and international conferences and has received 4 awards in these fields. Meanwhile, she serves as an editorial review board member for a number of high-impact journals. She has also worked as a postdoctoral research fellow at City, University of London and University of Brighton, as a graduate teaching assistant at King’s College London and as a PhD tutor at the Brilliant Club. Finally, Dr Kioskli has served as a researcher in a plethora of European and national R&D projects.
Funding Information:
Haralambos Mouratidis is Professor of Software Systems Engineering and founding Director of the Centre for Secure, Intelligent and Usable Systems (CSIUS) at the University of Brighton. He is a Fellow of the Higher Education Academy, and a visiting professor at the University of Ionian (Greece). His research interests lie in the intersection of security, privacy, and software engineering. He has pioneered work in developing methodologies, modelling languages, ontologies, tools and platforms to support the analysis, design, and monitoring of security, privacy, risk and trust for large-scale complex software systems. He has applied his theoretical work to practical applications in domains such as critical infrastructures, cloud computing, healthcare, telecommunications, banking, and e-commerce. He has published more than 150 papers (h-index 30) and he has led and/or participated in projects funded by the European Union (FP7, Horizon2020), EPSRC, the Royal Academy of Engineering, the Higher Education Funding Council of England (HEFCE), and the Japanese National Institute of Informatics, to name a few of the funders. He has also received funding for knowledge exchange and industrial projects from Innovate UK, the European Regional Development Fund, British Telecom, ELC, Powerchex, and FORD. He has strong experience of acting as an evaluator for national and international funding bodies including the EPSRC, HEA, the EU, and various national councils, and he has acted as an invited subject expert for events organised by the EU, NATO and Innovate UK. He is a member of working groups at ERCIM, IFIP and national initiatives related to security, privacy and trust.
Funding Information:
The research conducted in this paper was triggered by the authors’ involvement in the project ‘A Dynamic and Self-Organized Artificial Swarm Intelligence Solution for Security and Privacy Threats in Healthcare ICT Infrastructures’ (AI4HEALTHSEC) under grant agreement No 883273. The first author would also like to acknowledge the project ‘Affective based integrated care for better quality of life’ (TeNDER), funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement No 875325. The authors are grateful for the financial support of these projects that have received funding from the European Union’s Horizon 2020 research and innovation programme. The views expressed in this paper represent only the views of the authors and not of the European Commission or the partners in the above-mentioned projects.
Publisher Copyright:
© 2022, Innovative Information Science and Technology Research Group. All rights reserved.
Keywords
- digital health
- Living Lab
- mitigation actions
- privacy
- security
- supply chain