This domain has been selected due to the emerging trend to rely on IoT solutions for tele-medicine purposes. The providers of these devices need to be empowered with trustworthy and secure solutions. It aims to solve the cybersecurity aspects of an application designed to improve the conditions of monitoring and follow-up of cancer patients in the active treatment process. The type of treatment that the application addresses is proton based therapy with paediatric oncology patients.
The first time the patient arrives, a team of doctors and nurses is prepared to evaluate the patient in a friendly manner, with a telemonitoring system that is easy to use and provides an evolutionary record. Almost all patients receive radiotherapy and chemotherapy, but each of them undergoes different treatments and is treated in a unique manner.
The project tries to help the doctors and patients to avoid making continuous consultations, but to have an interlocutor to help. It has certain characteristics:
- It is finite, scheduled, it is treated in time, for days. The ability to monitor taking into account the forecasted actions of the days is important.
- There is a need to create valuable information, which: Reflects well the evolution of vital signs; Allows users to enter symptoms on a website at the initiative of patients, such as level of fatigue, sweating, diarrhea, etc., symptoms that can describe the symptom with intensity; Show the medication with which they are being treated.
- The scenario must be continuous, based on a flow of actions, graduated (assessable in levels).
- The project has to empower the nurses, who know what is important for the well-being of the patient; if there is discomfort, the doctor must be notified.
From a technological point of view, the Use Case is based on IoT medical sensors (single or combined), which interoperate with a secure communication channel. ARCADIAN-IoT will work in a platform that helps to obtain a more “technology-focused” healthcare system in order to ease the action plans under these situations by making accessible the patient data from everywhere and by providing a decision support system for helping in critical situations.
The following trust, security and privacy requirements and challenges in this scenario should be addressed in ARCADIAN-IoT: Authentication, Authorization Data protection and Encryption.
- Protect the identity of persons. The guard scenario requires explicit consent from patients, doctors, nurses, caregivers, and all the collection/analysis of data is performed as per privacy and medical regulations. A compliance assessment to all the specific European legislation applicable to this scenario must be included in the project plan to define which are the borders that can be considered.
- Protect the identity of objects. The service requires multiple levels of secure authentication including any device owned by the user and registered in the platform.
- Protect data and identity of persons & objects during communications. Encryption mechanisms are required to secure the information during communications.
- Authorization between patients, doctors, caregivers and objects. The person requesting the surveillance needs to be securely authorized when accessing data and objects employed i, with multiple levels of authorization.
- Trust chain between Medical IoT devices and services of the platform. Mechanisms to assure that all the components of the platform are trustworthy and that each component is provided with means to check the trust of another component.
- Denial of Service of servers providing medical support. The services hosted in the cloud, or edge need to be protected and provided with self-healing mechanisms for attacks with high impact levels and no prevention measures.
The validation of this use case will enable a trustworthy platform for the healthcare system making accessible the patient data from everywhere and by providing a decision support system for helping in critical situations.