Creation of a Socio-Technical Framework for Securing Personal Monitoring Devices (PMD)

Author: Heeralu Pathirannahalage Asanka Pathirana

Pathirana, Heeralu Pathirannahalage Asanka, 2017. Creation of a Socio-Technical Framework for Securing Personal Monitoring Devices (PMD), Flinders University, College of Science and Engineering

Terms of Use: This electronic version is (or will be) made publicly available by Flinders University in accordance with its open access policy for student theses. Copyright in this thesis remains with the author. You may use this material for uses permitted under the Copyright Act 1968. If you are the owner of any included third party copyright material and/or you believe that any material has been made available without permission of the copyright owner please contact with the details.


New healthcare technologies facilitate additional care pathways and opportunities for the patient beyond those of traditional care. This includes patient care using the Internet of Things (IoT), such as monitoring fitness and blood pressure on a regular basis, and the storage of data for later detailed analysis. The management of chronic disorders such as respiratory illness, physiological disorders, cardiovascular diseases, stroke, and diabetes has benefited from the use of Personal Monitoring Devices (PMDs). In addition to the areas mentioned above, both the aged care and child care sectors are vitally dependent on regular monitoring. The objective is either maintaining health or providing timely treatment using data collected by PMDs. Further, many individuals are interested in using PMDs to learn about their daily activities, such as calories burned, diet, and exercise regime, and the impact of these on heart rate and other vital signs. However, there are increasing concerns for the privacy and security of personal health information generated by PMDs, and the users themselves also contribute to leakage of such information, for example when they breach best practices in the use of PMDs.

Statement of Problem: The Healthcare Internet of Things (HIoT) consists of smart medical devices with various applications and using differing communication technologies. It is essential to educate consumers on how to interact safely and securely within the HIoT environment without introducing additional vulnerabilities that may lead to unnecessary risks to their information. At present, there is insufficient attention paid to this socio-technical perspective specific to HIoT. Further, there is no guidance for consumers on the human factors of HIoT. The research question considers the possibility of developing a socio-technical impact framework to assist users with the secure use of Personal Monitoring Devices.

Methodology: A review of the literature, using a case study approach to investigate the current use of HIoT PMDs, the security measures of HIoT, and the specific security problems attributed to consumers, was undertaken to identify vulnerabilities. Subsequently, supplementary experimentation with PMDs in HIoT was undertaken to assess the level of device security. The case study and experimentation were used to introduce prospective countermeasures. Then, a framework was developed to map the countermeasures that could be applied to improve the security and privacy of information based on the human factors of HIoT. Finally, guidelines were constructed for PMD users based on the new framework.

Impact: The research identifies the level of involvement of consumers in their personal security posture when using HIoT PMDs. This research may assist in educating people in secure information usage, and in exploring mechanisms to improve a secure user experience with such devices. Such research is important, given the sensitive nature of health information, for addressing lapses in health information security.

Keywords: Healthcare, Internet of Things, personal monitoring devices, socio-technical security, human factors

Subject: Computer Science thesis

Thesis type: Masters
Completed: 2017
School: College of Science and Engineering
Supervisor: Professor Trish Williams