Forensic Readiness for Wireless Medical Systems: Designing for User Safety
The focus of this research is on the risks associated with wireless medical systems (WMedSys) and devices in the healthcare environment. The deployment of wireless communications in medical healthcare environments has rapidly increased to meet the clinical requirements, and to have the benefits of mobility and accessibility for everyone. Many medical devices such as telemetry, pulse oximetry monitors, electrocardiography (ECG) carts, neuro-stimulators, infusion pumps, insulin pumps, pacemakers, implantable cardioverter defibrillators (ICD) and drug pumps use the wireless communication technologies for practical service advantages. The wireless medical devices (WMedDs) allow mobility, continuous monitoring of users’ health in real-time, and other service advantages. However, these technology innovations are vulnerable to unplanned failure and intentional disruption. In this thesis, the concern for patient safety is addressed by evaluating current systems, designing improved systems, and advocating for better security provisions. The nature of wireless networking has inherited security and privacy problems that transfer theoretically and practically to the medical healthcare industry. The growth in wireless network deployments and devices has created the problem of security vulnerabilities leading to potential patient harm. Many incidences have been reported where service functionality, patient harm, and intentional damage have occurred. For instance, Radcliffe (2011) demonstrated hacking a commercially available wireless insulin pump, which controls the insulin dosages for patients who have diabetes. Likewise, Halperin et al. (2008, p. 1) have performed a number of “software radio-based attacks” on implantable cardioverter defibrillators (ICDs). Chapter 2 also reports three such cases. Such types of attacks can compromise patient safety, patient privacy and negate the expected benefits from using wireless technologies. Hence, the risks and concerns in the problem area require detailed research and mitigation from working solutions.
Design Science (DS) is adopted as the research methodology. DS has the benefit of managing theory to build artefacts. These artefacts may be investigated in context, and improvement by design and functionality through continuous iterations and testing. Depending on the characteristics and the goals of the research, a researcher can shape the processes to deliver innovative or confirmatory outcomes. In this research, the DS research methodology is applied to a design artefact extracted from the review of relevant past literature. It is then put through rounds of testing that include confirmation, improvement, and expert feedback. The purpose of DS is not only to develop an artefact but also to answer the research questions and give solutions for problems. The main research question is: “What can be improved to make digital forensic investigation more effective in a wireless medical system?” The entry point of problem solving has been adopted and the methods of testing, experiment and expert feedback are used to formulate the artefact design. The key contribution of the research is to innovate a forensically ready system that will preserve and make available digital evidence (a costing of the system is provided in Appendix C).
The thesis is structured to provide a substantial literature review (see the reference list pp. 187-246), a methodological explanation, the reported findings from the confirmatory tests (see Appendix B data), reported findings from the scenario tests (see Appendix E and Appendix F), and reported findings from the expert feedback (see Appendix D). The research hypotheses are tested, and the research questions are answered (see Chapter 8). The design for WMedSys is presented as an improved solution to the research problem. The thesis concludes with a summary and recommendations for further research.