A few months ago we announced the results of our Wanda project, as published in INFOCOM 2016. Today we’re excited to share this new video description of the project! Thanks to Abby Starr and Shiyao Peng of Dartmouth’s DALI lab, and Tim Pierson of the THaW team, for this fun and informative production.
Nearly every setting is increasingly populated with wireless and mobile devices – whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals simply, securely, and consistent with user intent. We call our approach Wanda – a ‘magic wand’ that accomplishes all three of the above goals – and evaluate a prototype implementation.
NSF highlighted the THaW project on its website last week, gaining notice in blogs like Politico Morning eHealth, HealthITSecurity, and FierceMobileHealthcare. NSF’s article describes THaW research on mobile-app security and on the authentication of clinical staff to clinical information systems, among other things.
ACM SIGMOBILE’s group N2Women announced today its inaugural list of “10 women in networking/communications that you should know”, including THaW co-PI Klara Nahrstedt from UIUC. She is in impressive company – details on these ten amazing women, as well as quotes from the many people who nominated these women, are available at the link below.
Congratulations to Professor Klara Nahrstedt!
Earlier this year, President Obama presented a plan to launch the Precision Medicine Initiative (PMI), an ambitious research effort to recruit over one million participants in a long-term effort to understand the individual characteristics of health and disease. The research effort will aggregate clinical data as well as behavioral and environmental data – including, potentially, sensor data from smartphones and wearables – which will, needless to say, require careful security precautions and wise privacy policies.
The PMI advisory board invited THaW researcher David Kotz to a summer workshop on the potential for mobile technology in collecting data for PMI, and specifically to comment on mechanisms to support privacy. The PMI’s proposed Privacy and Trust Principles are an interesting read! [pdf]
Today, the White House Office of Science and Technology Policy (OSTP) gathered a dozen thought leaders – including THaW team members Darren Lacey and David Kotz – to advise them as they begin developing a security framework for the Precision Medicine Initiative. This fascinating discussion was led by Chief Data Scientist DJ Patil, and is just the first step in developing a comprehensive security framework for this important national research initiative.
Security and Privacy: Mobile Medical Applications
David Kotz, PhD – Dartmouth College
September 8, 2015 12pm-1pm ET
NSF CISE: Smart and Connected Health Presentation and Webcast
4201 Wilson Boulevard, Arlington VA, Room 110
Mobile medical applications offer tremendous opportunities to improve quality and access to care, reduce cost, and improve individual wellness and public health. These new technologies, whether in the form of software for smartphones or as specialized devices to be worn, carried, or applied as needed, may also pose risks if they are not designed or configured with security and privacy in mind. For example, a patient’s insulin pump may accept dosage instructions from unauthorized smartphones running a spoofed application; another patient’s fertility-tracking app may be probing the Bluetooth network for its associated device, exposing her use of this app to nearby strangers. In this webinar, Dr. David Kotz presents an overview of the security and privacy challenges posed by mobile medical applications, including important open issues that require further research.
Webcast Access: https://nsf.webex.com/nsf/onstage/g.php?d=744297685&t=a
When KQED radio needed input on the breaking news about the Anthem hacking incident, they reached out to THaW. David Kotz, PI, is quoted in this brief story on KQED: Hackers Target Anthem, Scrape Personal Data; the tagline is “California’s largest private insurer, Anthem, said on Wednesday it has been hacked. The insurer said hackers broke into databases that stored customers’ personal information such as birthdays, social security numbers and employment information.”
THaW PI David Kotz presented a keynote talk at the Workshop on Networked Healthcare Technologies (NetHealth) today in Bangalore, India. This talk provided an overview of the economic and technical trends leading to the THaW project, a summary of a few THaW projects underway, and a research agenda for security and privacy in healthcare IT. The talk was well received and was a wonderful opportunity for interchange of ideas in both the US and India contexts.
Last month, a broad mix of experts, convened by THaW researcher Carl Landwehr, met in New Orleans to begin drafting a “building code” for medical-device software. They’ve just released their report, and there is already talk about taking some of these ideas into the various standards bodies. Check out their report and feel free to leave comments on their site. — dave
Perhaps the largest annual event related to mHealth is the mHealth Summit, held near Washington DC. Today, the summit kicked off with a Privacy & Security Symposium, including a panel on Medical Device Security anchored by both Kevin Fu and Darren Lacey from the THaW team. Kevin, Darren and the other panelists spoke about some of the security concerns that medical devices pose for patients, clinicians, and hospitals. The audience brought together a broad mix of medical practitioners, device and software vendors, security professionals, and computer scientists.
Kevin Fu and Darren Lacey at the center of a panel session at the mHealth Summit.
THaW professor Eric Johnson (Vanderbilt) recently presented a new paper at the Conference on Information Systems and Technology (CIST), a division of INFORMS.
See the video abstract. A full version of the paper is under review at a journal.
Meaningful healthcare security: Does “Meaningful-use” attestation improve information security performance?
Juhee Kwon and M. Eric Johnson
Certification mechanisms are often employed to signal performance of difficult-to-observe management practices. In the healthcare sector, financial incentives linked to “meaningful-use” attestation have been a key policy initiative of the Obama administration to accelerate electronic health record (EHR) adoption while also focusing healthcare providers on protecting sensitive healthcare data. Given the rapid push for safe digitization of patient data, this study examines how hospital attestation influences the occurrence of subsequent data breaches and also how breach performance is associated with penalties from prior breaches. Using a propensity score matching technique combined with a difference-in-differences approach, we analyze a matched sample of 869 U.S. hospitals. We find that hospitals that attest to having reached Stage-1 meaningful-use standards observe reduced external breaches in the short term, but do not see continued improvement in the following year. On the other hand, attesting hospitals observe short-term increases in accidental internal breaches, but eventually see longer-term reductions. We do not find any link between malicious internal breaches and attestation. Further, we find that the interaction between meaningful-use attestation (carrot) and prior failure resulting in penalties (stick) enhances short-term reductions of accidental internal and external breaches. Our findings offer both theoretical and practical insights into the effective design of certification mechanisms and breach regulations.