A privacy-by-design approach to model the supply chain of a Living Lab: Conceptual issues of privacy, security, and associated vulnerabilities

Abstract

Healthcare organizations are attacked daily by malicious hackers who expose the weak security strategies and vulnerabilities of the entities. Attacks to such organisations, are considered a low-risk and high-reward crimes. Breaches in security and privacy usually refer to cyberattacks, when a set of information is hacked, stolen, corrupted or transferred by unauthorized individuals. Meanwhile, the attacks may differ on every occasion from stealing health records, patients’ data or hack medical devices, such as insulin pumps and pacemakers. Depending on the incidence handling process that each healthcare organization is adopting, the effects of these attacks may be direct, such as patients’ death, or indirect, such as hurting the reputation of the organization, while short and long-term living. The pandemic of Covid-19 has fully revealed how unprotected and vulnerable the healthcare systems are. The Living Labs are an asset within the healthcare ecosystems, in which innovative methodologies and tools are developed and validated. A Living Lab adopts the approach of co-creation, is community-based, and involves various stakeholders, which makes it a necessity to consider cybersecurity. However, there is a lack of research on security and privacy issues related to the Living Labs. The overarching aim of our work is to identify the supply chain of a Living Lab and explore the privacy and security issues with the associated vulnerabilities. The adopted methodology and analysis were via the privacy-by-design tool ‘Secure-Tropos’. The novelty and originality of this piece of work lie in 1) considering the requirements of health and cyber professionals and citizens, 2) adding value to creating a homogenous approach to Data Privacy Governance, 3) identifying and analysing, for the first time in the literature, the supply chain of a Living Lab. The supply chain holistic modelling which has derived, creates space to instigate mitigation strategies for privacy and security risks. The production of this information flow helps professional bodies and organizations to avoid wrongful practices, increase awareness and communicate their needs. The findings of this study have further produced a set of practical awareness mitigation strategies, associated with security and privacy within a Living Lab setting.

Full text

Project Description
vThe supply chain holistic modelling which has derived, creates space to
instigate mitigation strategies for privacy and security risks
vThe production of this information flow helps professional bodies and
organizations to avoid wrongful practices, increase awareness and
communicate their needs
vThe findings of this study have further produced a set of practical
awareness mitigation strategies, associated with security and privacy
within a Living Lab setting
Living Labs are an asset within the healthcare
ecosystem, in which innovative methodologies and
tools are developed and validated. A Living Lab (Figure
1) adopts the approach of co-creation, is community-
based, and involves various stakeholders, which makes
it anecessity to consider cybersecurity.There is alack
of research on security and privacy issues related to the
Living Labs.The adopted methodology and analysis
were via the privacy-by-design tool ‘Secure-Tropos’.
The novelty and originality of this work lie in 1)
considering the requirements of health and cyber
professionals and citizens, 2) adding value to creating a
homogenous approach to Data Privacy Governance, 3)
identifying and analysing, for the first time in the
literature, the supply chain of aLiving Lab.
The overarching aim of our work is to identify
the supply chain of aLiving Lab and explore the
privacy and security issues with the associated
vulnerabilities.
.
Project Aim
The research conducted was funded by the project ‘A Dynamic and Self-Organized Artificial Swarm Intelligence Solution for Security and
Privacy Threats in Healthcare ICT Infrastructures’ (AI4HEALTHSEC) under grant agreement No 883273
A privacy-by-design approach to model the
supply chain of a Living Lab:
Conceptual issues of privacy, security, and vulnerabilities
Figure 1: Stakeholders involved in a Living Lab
vAttack on a telehealth device
vDirect attack on a wireless infrastructure
vIndirect attack on telehealth device and smartphone
vAttack on the software of a telehealth device
vDeletion of all or selected data
vData encryption
vService attack
vSocial engineering
vModification
Potential Attack Scenarios
This is the first study in the literature which presents the supply chain of a Living Lab and
examines its related security and privacy issues via a thorough analysis
Figure 2: Privacy-by-Design View regarding
research staff and counsellor of a Living Lab
Implications
vKeep a balance between technical and non-technical knowledge
vOrganize meetings between all stakeholders to manage the different
views, expectations, and levels of knowledge
vArrange interactive and practical cybersecurity training
vManage and understand ethical implications
vPolicies and standards should be made known to all stakeholders
vBehavioural and social scientists, and phycologists to be involved
Kitty Kioskli1,2, Theofanis Fotis3, Haralambos Mouratidis1
1University of Essex, School of Computer Science and Electronic Engineering, Institute of
Analytics and Data Science (IADS), UK
2trustilio B.V., The Netherlands
3University of Brighton, School of Sport & Health Sciences, Center for Secure, Intelligence and Usable Systems (CSIUS), UK
Conclusions