Privacy and Security Issues of Wearables in Healthcare

Privacy and Security Issues of Wearables in Healthcare
Keyur Tapan Shah FAN - Shah0211 Student ID – 2160530 Supervisor: Prof. Trish Williams
June 2019
Submitted to the College of Science and Engineering in partial fulfilment of the requirements for the degree of Master of Science at Flinders University –
Adelaide Australia.
1

DECLARATION
I certify that this work does not incorporate without acknowledgment any material previously submitted for a degree or diploma in any university; and that to the best of my knowledge and belief it does not contain any material previously published or written by another person except where due reference is made in the text. Signature Date: 14-06-2019
2

ACKNOWLEDGEMENT
The Master thesis is the most important part of the master’s study. I also choose to do an 18unit master thesis after consulting with senior students and teachers. I would like to convey my special thanks to my senior friend Amarjot Kaur who advised me to do my thesis under Professor Trish Williams. Professor Trish Williams is the key person for me as supervisor towards successful completion of the Master Thesis. I appreciate her invaluable advice and timely feedback to successfully finish my Master Thesis.
3

ABSTRACT
The wearable industry is booming nowadays. Wearable devices once used as a fashion accessory, are now an important tool used in healthcare industries. Wearable devices like smartwatches, smart bands, fitness tracking, smart textiles and smart accessories are used in healthcare industries. This means a patient can monitor their health from home. With this huge advance in technology, there are privacy and security issues with wearable devices. This document presents the literature review of the wearable devices, and the use of it in healthcare. It examines the problems of wearables and the legislation and regulation of wearable devices in Australia, USA, and Europe. There are standards, guidelines, and regulations for privacy and security of wearable devices. These regulations and standards are not strict and many of the manufacturers do not follow the regulations. The user themselves contribute to the leakage data privacy and device security, as they are not aware of different threats and vulnerability of the devices. There should be strict rules and regulation for the wearable devices to maintain privacy, security and data stored in the device. This document also explains how the data can be attacked. Finally, it examines guidelines for consumers and recommendations for manufacture development, so a device is not attacked and thus protected. So, it follows, that if there are strong regulations and consumer awareness of different threats, the device and data stored in the device will be safe.
4

CONTENTS
Abstract ......................................................................................................................................4 Table of Tables ..........................................................................................................................6 Table of Figures .........................................................................................................................6 Acronyms ................................................................................................................................... 7 INTRODUCTION .....................................................................................................................8
Significance of the study ................................................................................................................. 9 Purpose of the study ....................................................................................................................... 9 Aim of the project ........................................................................................................................... 9 Research questions ......................................................................................................................... 9
Literature Review.....................................................................................................................10
What is a wearable?...................................................................................................................... 10 Types of wearables ....................................................................................................................... 10 Data ............................................................................................................................................... 13 Use of wearable devices ............................................................................................................... 13 Use in healthcare .......................................................................................................................... 14
Data privacy and security.....................................................................................................15
What are the problems? ............................................................................................................... 15
Risk ......................................................................................................................................17
Device Architecture....................................................................................................................... 17 Network Connectivity ................................................................................................................... 18 Collection of Data from Wearable Devices ................................................................................... 18 Cloud Computing .......................................................................................................................... 19 Security Risks in Wireless Sensor Networks (WSN) ...................................................................... 19
Methodology ............................................................................................................................22
Case Study ..................................................................................................................................... 22 Types of Case Study ...................................................................................................................... 22
Methodology Selected .........................................................................................................23
Limitations of case study methodology ........................................................................................ 23
Results ...................................................................................................................................... 25 Current solutions..................................................................................................................25 Legislation/ regulation .........................................................................................................27 USA...................................................................................................................................... 28
HIPAA – Health Insurance Portability and Accountability Act ...................................................... 28 FDA Food and Drug Administration .............................................................................................. 29
Australia ............................................................................................................................... 31
5

TGA - Therapeutic Goods Adminstration ...................................................................................... 31
Europe ..................................................................................................................................32
ISO and others............................................................................................................................... 32
Data collection .....................................................................................................................33 Discussion ................................................................................................................................39
Guidelines ..................................................................................................................................... 39 Recommendations for manufacturers.......................................................................................... 41
Conclusion ...............................................................................................................................43 References ................................................................................................................................ 45
TABLE OF TABLES
Table 1 – Different Type Of Wearable Devices ......................................................................10 Table 2 - Security Risk To WBAN and Corresponding Security Requirement ......................20 Table 3 - Threats And Vulnerabilities. ....................................................................................36 Table 4 - Recommendations for Protection .............................................................................40 Table 5 - Recommendation for Manufactures .........................................................................42
TABLE OF FIGURES
Figure 1 - Use Of Wearables In Different Countries...............................................................15 Figure 2 - Research Design......................................................................................................23 Figure 3 - Regulations For Wearable Devices In USA, Australia and Europe........................27 Figure 4 – Shows How Medical Devices Are Classified By TGA..........................................33
6

ACRONYMS
IOT - Internet of Thing NFC - Near Field Communication GUI - Graphical User Interface WHMS - Wearable health-monitoring system Wi-Fi - Wireless Fidelity HIT - Health Information Technology DoS - Denial of Services HIPAA - Health Insurance Portability and Accountability Act WSN - Wireless Sensor Network FDA - Food and Drug Autoimmunisation ISO - International Organization for Standardization TGA - Therapeutic Goods Administration
7

INTRODUCTION
In recent years, the electronic technology industry has made a huge investment in wearable devices. The companies are making different types of wearables like smart watches, fitness trackers, smart clothes, wrist bands, etc (Swan, 2012). The use of these wearables is being adopted for research and for our healthcare, like sleeping habits, checking our heart rate, the number of steps taken, running speed, etc (Garcia-Mancilla & Gonzalez, 2015; Sano & Picard, 2013).
We are entering a new computer era that is called Internet of Thing (IOT) (Siboni, Shabtai, Tippenhauer, Lee, & Elovici). The IoT is a keyword in which all the smart objects are contacted through internet. The IoT contains smart technology and machinery to communicate with other machines or objects. With this, a huge amount of data is being produced. This huge amount of data is being processed into use actions that can communicate and control things which make our life easier and safer (Karimi, Atkinson, & ARM, 2013).
Wearable technology uses these devices to monitor our health. Wearable devices are useful tools for encouraging and motivating users who use these devices to measure their fitness levels and healthcare. These can be a good way for delivering health related data and self-knowledge (Cafazzo, Casselman, Hamming, Katzman, & Palmert, 2012; Li, Dey, & Forlizzi, 2010).
The data collected by a device can range from heart rate, sleeping habits, temperature and location of the wearer. As such, privacy and security issues arise. So this becomes a prime device to target sensitive information (Arias, Wurm, Hoang, & Jin, 2015a). Privacy consent and security are the biggest problem in this field. There are few regulations and legislation for wearables in healthcare that protect the data and devices.
There are regulations and legislation in different countries, but every country has different regulations concerning wearable devices. These are explained in this document. Lastly this document has recommendations for manufactured devices and guidelines for consumer data and device safety.
The wearable devices stored large amount of health data which can be access by manufactures or third party without user knowing it. This creates huge privacy and security problem and the personal health data can fall into wrong hands. A user should be informed about the risk involved in it.
8

Significance of the study This research is aimed to give knowledge about privacy and security of wearables which are used in healthcare. The objective is to review wearable devices that monitor our personal health in our day to day life and how to protect the devices. The main impact will be on the developer and user of the wearable devices.
• It will provide help to understand why an individual should try to protect their own personal information.
• Manufacturers will understand the need for privacy and security and add some more feature in the devices.
Purpose of the study There are many wireless techniques which are used to transfer data from wearable devices to mobile, cloud or a given destination. The wireless technology such as Bluetooth, Wi-Fi, near field communication (NFC) and infrared data association, are a few common ways to transfer data from a wearable to a given destination (Kim & Lim, 2015). However, there are many problems in transferring data through wireless. The transfer of wearable device data is usually without any encryption and much of the data that is stored on the device is not encrypted (Lemos, 2016).
Aim of the project Wearable devices collect health data, living habits and the location of the wearer. As such, privacy and security issues arise. The device stores personal information of the wearer, so it becomes a prime target for an attacker who is looking to obtain the data (Arias, Wurm, Hoang, & Jin, 2015b). The main aim is to understand the privacy and security issues of wearable device, and the privacy of the data and identify the techniques and methods for managing security and privacy problems in wearable devices. Research questions Understanding the privacy and security issues of wearable devices, is the objective of this research. The research question is “how can data collected using wearable devices be protected to avoid misuse?”
9

LITERATURE REVIEW
The literature review explains the different aspects of wearable devices. There are many types of wearable devices in the market which are used to monitor our health. These devices are in the form of accessories, clothing and patches. These devices help to monitor our health at home and it also can help to diagnose different diseases and symptoms in our body. These wearable devices have also become a fashion style nowadays. These devices have different types of sensors which collects data from the surroundings. The wearable devices are growing in the field of healthcare, as they give real time feedback to the user or doctor. The wearable devices lack security, like password protection and encryption. Security in the wearable device is important because it contains sensitive health data of a user. The wearable devices have different types of security risks relating to cloud, hardware, software, sensor and many more which have been expanded on below. What is a wearable? Wearable is a thing which we can wear on our body. This type of technology has become a common part of world technology (Wright & Keith, 2014). The word wearable is often used with technology (wearable technology) and devices (wearable devices). The wearable technology should be mobile and means that it should go where the wearer goes (Billinghurst & Starner, 1999). Wearable technology and wearable devices are the words which describe computer and electronics that are integrated into our accessories and clothing which can be worn comfortably on the body (Sultan, 2015).
Types of wearables Many large technology companies have entered into the market with wearable devices. These companies have expanded this technology into health industries. This technology is embedded in textile or accessories. These devices record different types of our living habits and help to motivate the user to live a better life (Patel, Asch, & Volpp, 2015). There are few wearables devices which are used to monitor our health, which are mentioned in Table1 and categorised into Accessories, Smart Cloths, Patches and Medical Devices.
10