Information Security Assignment: Security Issues of IoT in Healthcare

Question

Task: Write an information security assignment presenting a detailed research paper on the topic “Security Challenges of IoT in Healthcare”.

Answer

Abstract
Internet of Things, IoT is being used in a number of business and industrial sectors. Healthcare is one of the sectors that witnessed the enhanced use and application of the technology. The purpose of the research on information security assignment is to determine and explore the security and privacy aspects of IoT in healthcare. The research aims to explore these aspects and come up with some of the security and privacy techniques that may be implemented to improve the IoT security and privacy. There has been research conducted on the IoT technology in the past and the use of the published literature will be done by conducting the literature review. The use of journal articles and books will be done to gain an understanding of the IoT security issues in healthcare and the control techniques that shall be implemented. The research will be effective and useful as it will enable the healthcare professionals and hospitals to make effective use of the IoT technology. There are security issues that are seen with the IoT systems and applications in healthcare. This is because of the numerous security vulnerabilities that are present. The sensors are important devices that are used in the healthcare systems. The use of these sensors in healthcare provides the ability to have the data sets that can be easily measured and analysed. The sensor technology has revolutionized the healthcare sector and one of the fine examples of the same is the wearable devices and gadgets. These devices collect the data from the patients without any botheration to the patients. However, there are certain issues with these devices and the sensors that are used. One of the significant problems is the energy consumption with these devices. The wearable devices when attached to the patient’s body can collect the information in a continuous manner. The battery included in the devices may not be sufficient which may lead to the requirement to include additional devices affecting the performance and may compromise on the aspect of security. There are other security and privacy concerns, such as denial of service, privacy breaches, data manipulation, data loss, etc. that may also occur.

1. Introduction
Internet of Things, IoT is a technology that provides the inter-connection of the various components. These components may have a lot of differences with each other in terms of the properties and characteristics. However, IoT provides the platform for these gadgets to be in sync with each other.

There are a lot many applications of IoT that are witnessed and these application areas are increasing with every passing day. Healthcare is one industry that has witnessed a lot of transformation. The developments and advancements in technology have resulted in the transformation of the healthcare sector(Sharma, 2019). IoT is now being used in the healthcare sector and there are various applications of IoT in healthcare that can be determined. These applications have provided the benefits to the sector along with the associated stakeholders. However, there are also certain issues that are determined with the IoT systems, networks, and applications. The issues around information security and privacy are significant and must be focussed upon. This is because IoT applications and systems make use of Cloud Computing and other technologies. The presence of so many technologies and components can have an adverse implication on the IoT systems. The occurrence of such security issues in the IoT systems and networks for the healthcare industry can have adverse implications.

2. Literature Review
2.1. Applications & Use of IoT in Healthcare
2.1.1. IoT for Patients
There are wearable devices and gadgets that have been developed and these are of great utility for the patients. The wirelessly connected devices provide the patients with the ability to monitor their health on their own. Also, there is personalized focus that is given by these devices which can easily be synced with the patient’s Smartphones to generate alerts on a regular basis(Sharma, 2019).

There are numerous IoT-based healthcare applications that are developed for the elderly so that constant tracking is possible. The changes in the routine or any of the alterations can be detected and alerted by the IoT devices.

2.1.2. IoT for Medical Professionals
There is a lot of burden on the medical professionals due to the increased number of patients. With the development of IoT-based wearable and tele-health monitoring systems, there is decrease in the burden on the medical professionals. The medical professionals can easily keep a track of the patient’s health and can provide them with the medical attention as required. The effective and real-time data analysis can also be done so that the proper medical diagnosis and treatment can be carried out(Cae-Li, 2019).

2.1.3. IoT for Hospitals
The application and usage of IoT can be seen in the medical centres and hospitals as well. The installation of the sensors can be done in the medical equipment and devices and these can be tracked using the IoT systems. For example, the tracking of wheelchairs, oxygen pumps, etc. can be done. The real-time analysis of the medical professionals and patients can also be done.

One of the most significant aspects is the element of hygiene in the hospitals and medical centres. The use of IoT can be done to monitor and keep a track of the infected patients to contain the disease. The asset handling and management, tracking of the cleaning services inside the hospitals can be done.

2.1.4. IoT for Health Insurance Companies
IoT and its use in the healthcare sector is also significant for the health insurance companies. The information captured from the health monitoring devices is used for underwriting and claims operations. The use of IoT will assist the insurance companies to track the fraud claims and any of such malicious attempts. There are integrated and data-driven decisions that can be easily and effectively taken with the aid of the IoT devices and systems(Alassaf&Gutub, 2019).

2.2. Security Threats and Risks
2.2.1. Privacy
Privacy is one of the most significant aspects associated with IoT and its applications in the healthcare sector. It refers to the information related with an identifiable individual or subject. The healthcare data and information is collected from the IoT devices. The devices gather the information through the remote access mechanisms that may have issues around privacy and security(Alshohoumi&Sarrab, 2020). The data that is gathered using the sensors is shared over the cloud-based databases using the network channels.

The IoT devices carry out the communications with one other using the Internet. Also, there is healthcare information that may be collected from various units. It is necessary that all of these provide the privacy of the information. However, not all the providers succeed in providing the required level of privacy. There are privacy issues around the unauthorized access and capturing of the information that is common.

2.2.2. Trust
Trust management has an important role to play in the IoT systems and networks. The devices and applications must be able to provide the improved security and privacy of the data. In the case of the IoT setup, all of the devices are synced and integrated with each other. These devices send the information to the specific applications or over the network channels. Therefore, it is necessary that there is trust among the devices so that the violation of information security and privacy can be avoided(Graham, 2020). It is possible that the attackers carry out the manipulation of the devices and the information present within the same. In the case of the healthcare applications developed using IoT, there are huge volumes of data that are collected. The use of Big Data technology is done by the healthcare devices and applications to gather and analyse huge volumes of information. It is possible that the violation of trust and information privacy is done through the Big Data technologies and tools that are used. It is essential that the trust preservation and management is effectively done for the IoT-based healthcare systems and applications(MadhusankaLiyanage et al., 2020).

2.2.3. Denial of Service
One of the most significant aspects about any of the technological systems and applications is the availability of the service and applications. The denial of service, DoS attacks are carried out on the IoT systems and channels to have an impact on the information and application availability(Elngar, 2019).

The memory capabilities and the bandwidth attached with the IoT devices is usually low. There is also lower battery and disk space that is associated with the IoTdevices(Hayder, 2018). The DoS attacks can be carried out by flooding the IoT networks with the unwanted data and traffic. The garbage traffic leads to the situation of a breakdown and it results in the significant impacts on the overall quality and performance. The availability of the application and networks is impacted with these attacks.

2.2.4. Physical Security Attacks
Physical security of the IoT-based healthcare systems and applications is also a significant concern. This is because there are numerous physical devices that are attached with the IoT systems. There are concerns and issues that may emerge with these devices in terms of the loss of the device or stealing of these devices. There are changes in the configuration settings of these devices that can be done by the attackers and it can have a serious impact on the security and privacy aspects of the IoTapps(Hayder, 2018).

2.2.5. Data Manipulation Issues
Data is the fundamental unit that is involved on all parameters and factors of the IoT systems and applications(Patil, 2019).

There are attacks that are carried out on the data sets and the IoT network channels. There can be several manipulation and violation issues that may be witnessed, such as stealing of the data sets, damaging of the data, and likewise. The use of the data is done across various paths in the IoT applications. These may include data generator points, aggregation points, and many more. The cloud and Big Data applications are also used to manage and are involved in the data exchange. The use of any of these access points can be done by the attackers(Saha& Kumar, 2017). There is data manipulation that can be carried out and the modifications in the data can be done.

All of these information security and privacy concerns can have major implications on the IoT systems and applications that are used in the healthcare sector. It is necessary that the proper control and management of the data is done so that the usage of the IoT applications in the healthcare sector is effective(Schneier, 2017).

Table 1: Security and Privacy in IoT-Healthcare

3. Solutions and Findings
Security plays a very important role in the IoT applications and its usage in the field of healthcare. The data that is attached with the IoT apps is critical and sensitive in nature. The violation of data security and privacy can have significant impacts and it can be dangerous to not take any action to preserve the data security and privacy. There are some of the security solutions and privacy management techniques that have been developed. These shall be used with the IoT apps to make sure that the security risks and events do not occur (Chow, 2017).

Access control is one of the significant steps that shall be implemented and can lead to the protection and preservation of the IoT applications and the information sets. It is essential that the properly designed access control measures are developed and implemented so that the IoT-based healthcare information can be safeguarded. The IoT devices are involved in the gathering of the healthcare information which is then transferred and stored in the specific databases. Therefore, it is essential that the strong access management and control techniques are implemented so that the security and privacy of the information and the application sets can be ensured. The implementation of the access control systems will also provide the ability to keep the healthcare information secure. The access control measures that can be used with the IoT-based healthcare applications include the role-based access control. Also, the multi-path encryption-based access control techniques and measures shall also be used and implemented(Balliu et al., 2019).

The use of the IoT systems and applications will be done in the healthcare sector. It is essential that the employees are aware of the security techniques and practices that they must adopt. The use of security trainings and information sharing sessions can be effective to make sure that the preservation of IoT security can be carried out. There are various regulations and laws that are followed and these are developed for ensuring that the security and privacy of the information sets is preserved. The training methods and processes shall cover the details about these laws and protocols. It will enable the healthcare professionals and the administrative members of the staff to be able to carry out the proper security handling and management of the IoT systems and applications. There are security practices that the hospitals will adopt and it shall also be included in the training processes. The training on the access control and preservation of the access rights shall be done so that the adherence with the defined norms and parameters can be done(Hussain&Kaliya, 2018).

The access control measures will make sure that only the adequate sharing of the information and data sets is done in the IoT environment. There are various devices that are used in the IoT system and applications. The devices are closely integrated with each other and there is information transfer that is done from one device to the other. The physical security attacks on any of these devices can have significant impacts. Therefore, it is essential that the physical security of the devices is managed and ensured at all times. The devices shall be protected in terms of the protection from physical sabotage and stealing of the devices. There shall also be sensors and trackers that must be installed in the devices so that the physical attacks can be avoided. There shall be replacement and alternative devices that shall always be available in the case of the loss of device. The option to turn off the device in the case of the loss shall also be applicable with the aid of the sensors and trackers (Kumar, 2017). It will prevent the misuse of the devices by the attackers. There are some of the natural disasters and hazards that may also take place and the protection of the IoT devices is necessary in such cases as well. The presence of an alternative devices and equipment will make sure that the information security is preserved and the continuity of the application flow is also maintained at all times.

There are a majority of the IoT attacks and threats that occur with network as the threat agent. The network security plays a very important role in the IoT attack preservation and management. There are some of the measures that must be taken to make sure that the network security shall be managed. The involvement of the network is involved at all the steps in the IoT system and environment. There are various networking technologies that may be used with the IoT systems, such as Bluetooth, Wi-Fi, ZigBee, and others. The use of the wireless body area networks may also be done with the IoT systems and networks to make sure that the security and privacy is maintained at all times(Ahmad et al., 2018).

There are certain security measures that can be adopted to make sure that the security and privacy risks occurring through the network channels can be prevented. The use of the firewalls can be done for the purpose along with the integration of the IoT systems and networks with the intrusion detection and prevention systems. These systems will make sure that the unauthorized access is blocked and there are filters that are applicable for controlling the network access. The use of the IPSec and SSL/TSL shall also be done so that the promotion of the network security can be carried out.

The use of HTTPS is also done so that the messages that are shared are done in the encrypted forms. The privacy issues in the healthcare system and networks occur due to the variation in the properties of the devices that are involved. Also, there is enhanced level of integration that is present across the devices. The encryption of the data can be done and can be used with the IoT devices and networks to make sure that the issues around security and privacy violations do not occur (Chatterjee, 2020).

The use of the RFID technology can be done with the IoT systems and applications to control the network-based security issues and attacks. The security vulnerabilities, such as man in the middle attacks or others can be prevented using the RFID technologies. The technology will keep a track of all the devices that will be contained in the IoT systems and networks. It will provide the ability to monitor and manage the IoT privacy and network security risks. There are also authorization principles and mechanisms that must be used with the IoT systems. These principles will provide the ability to make sure that only the authorized entities gain access to the networks and the application sets.

There are some of the administrative measures and steps that shall also be followed to make sure that the IoT security risks and issues in the healthcare sector can be prevented and the effective usage of the technologies can be done. The healthcare organizations, medical centres, and hospitals shall develop the detailed plans and policies for the preservation of information security and privacy(Yan et al., 2018). There are various laws that are developed and are followed across the globe to prevent the occurrence of security attacks on the healthcare information. For example, HIPAA (health Insurance Portability & Accountability Act states that the private health information of the patients must be protected at all times. The organization security policies developed by the healthcare organizations shall be in line with these laws and protocols. It will provide the mechanism to control and prevent the security attacks from taking place. Apart from the security policies and measures, it is also necessary for the healthcare administrators and the members of the board to conduct the security audits and reviews in the organization. The conduction of such audits and reviews will provide the mechanism to control the security issues and the identification of the gaps will also be done. It will provide the ability to fill these gaps and to make sure that the avoidance of the security risks can also be done.

4. Conclusion
There are security and privacy concerns that are associated with the IoT systems and applications that are used in the healthcare sector. The preservation techniques and control measures are developed and these shall be implemented to make sure that the usage is effective. Also, the future research shall focus on the use of the Blockchain networks in the healthcare IoT to promote the performance, accuracy, and security.

5. References
Ahmad, A., Mukkamala, R., &Navuluri, K. (2018).Privacy in IoT Cloud.Athens Journal of ?echnology& Engineering, 5(4), 377–392. https://doi.org/10.30958/ajte.5-4-4

Alassaf, N., &Gutub, A. (2019).Simulating Light-Weight-Cryptography Implementation for IoT Healthcare Data Security Applications.International Journal of E-Health and Medical Communications, 10(4), 1–15. https://doi.org/10.4018/ijehmc.2019100101

Alshohoumi, F., &Sarrab, M. (2020). Privacy Concerns InIoT A Deeper Insight into Privacy Concerns in IoT Based Healthcare. International Journal of Computing and Digital Systems, 9(3), 399–418. https://doi.org/10.12785/ijcds/090306

Balliu, M., Bastys, I., &Sabelfeld, A. (2019).Securing IoT Apps.IEEE Security & Privacy, 1–1. https://doi.org/10.1109/msec.2019.2914190

Cae-Li, C. (2019). Enhancing Healthcare Facility in Rural Areas Using Internet of Things (IoT).International Journal of Psychosocial Rehabilitation, 23(4), 1414–1423. https://doi.org/10.37200/ijpr/v23i4/pr190466

Chatterjee, S. (2020). Factors Impacting Behavioral Intention of Users to Adopt IoTIn India. International Journal of Information Security and Privacy, 14(4), 92–112. https://doi.org/10.4018/ijisp.2020100106

Chow, R. (2017). The Last Mile for IoT Privacy.IEEE Security & Privacy, 15(6), 73–76. https://doi.org/10.1109/msp.2017.4251118

Elngar, A. A. (2019). An Efficient User Authentication Model for IOT-based Healthcare Environment. International Journal of Information and Computer Security, 11(4/5), 1. https://doi.org/10.1504/ijics.2019.10023077

Graham, C. (2020). Fear of the unknown with healthcare IoT devices: An exploratory study. Information Security Journal: A Global Perspective, 1–11. https://doi.org/10.1080/19393555.2020.1810369

Hayder, N. M. M. A. (2018). Security and Interoperability Issues in IoT based Healthcare Architectures.Information security assignmentIndian Journal of Public Health Research & Development, 9(12), 1045. https://doi.org/10.5958/0976-5506.2018.01987.3

Hussain, M., &Kaliya, N. (2018).An Improvised Framework for Privacy Preservation in IoT.International Journal of Information Security and Privacy, 12(2), 46–63. https://doi.org/10.4018/ijisp.2018040104

Kumar, R. (2017). Internet of Things ('IOT’) - Privacy Concerns.SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3064271

MadhusankaLiyanage, Braeken, A., Pardeep Kumar, &Ylianttila, M. (2020).IoT security?: advances in authentication. John Wiley & Sons, Inc.

Patil, A. (2019). National Cyber Safety and Security: Healthcare using IoT. International Journal of Internet of Things and Big Data, 4(1), 1–8. https://doi.org/10.21742/ijitbd.2019.4.1.01

Saha, G. K., & Kumar, S. (2017). Security Issues in IoT-Based Healthcare.International Journal of Applied Research on Information Technology and Computing, 8(3), 385. https://doi.org/10.5958/0975-8089.2017.00036.7

Schneier, B. (2017). IoT Security: What’s Plan B? IEEE Security & Privacy, 15(5), 96–96. https://doi.org/10.1109/msp.2017.3681066

Sharma, S. R. (2019). Internet of Things IoT: IoT in Healthcare. International Journal of Trend in Scientific Research and Development, Volume-3(Issue-4), 980–982. https://doi.org/10.31142/ijtsrd23971

Yan, H., Li, X., Wang, Y., &Jia, C. (2018). Centralized Duplicate Removal Video Storage System with Privacy Preservation in IoT. Sensors, 18(6), 1814. https://doi.org/10.3390/s18061814