Securing Mobile e-Health Environments by Design: A Holistic Architectural Approach

Employing wireless devices, like sensors and remote controllers, in medical workflows has become the norm in healthcare treatments, substantially increasing the quality of patient care. Medical data gathered and processed by the hardware and software components continuously traverses the existing IT infrastructures ranging from hospital datacenters to regional healthcare information exchanges. Recent regulations classify such IT infrastructures as critical, mandating precise and specific security requirements. The provision of security is thus not only a technical, but a legal requirement as well. Any vulnerability in a medical device may endanger the patients' privacy, and even their lives. The availability of security expertise, however, cannot be assumed as guaranteed throughout the whole life cycle of the medical devices, mainly due to the scarcity of security experts, among other things. We propose a holistic approach that addresses the challenge of scarce security expertise during the operational phases and is specially devised for mobile medical devices interconnected through healthcare IT infrastructures. Moreover, the model tackles security issues at design time, providing solution architectures that incorporate the security concerns. It combines well-established methodologies and reference models: the former used in the field of Industrial Internet of Things (IIoT) to build robust architectures, and the later employed to guarantee information assurance and security.