Cybernetics and Computer Engineering, 2023, 2(212)
PANAGIOTIS KATRAKAZAS1, Ph.D.,
Research Area Manager,
Delivery Manager & Sustainability Expert,
Chief Technology Officer,
ILIAS SPAIS2, Ph.D.,
Senior Project Manager,
Researcher ID: 0000-0002-6167-3247,
1Zelus P.C., Tatoiou 92, 14452, Metamorfosi, Athens, GR
2AEGIS IT Research GmbH, 25 Humboldt Str. Braunschweig, 38106, Germany
ANALYSIS AND DEFINITION OF NECESSARY MECHANISMS TO ENSURE THE SECURITY AND PRIVACY OF DIGITAL HEALTH DATA UNDER A CYBERNETIC DIGITAL INVESTIGATION FRAMEWORK
Introduction: The recent scale-up of events caused after the Covid-19 pandemic and its subsequent healthcare crisis, highlights the digital forensics importance in a connected health ecosystem. It is therefore safe to assume that there is a growing interest in digital forensics and how they are applied within the existing healthcare ecosystem and under which concept, posing the main research question of the current study.
The purpose of the paper is to presente here focuses on defining and developing the necessary mechanisms to ensure the security and privacy of the data disseminated by existing research in both fields of digital health and cybersecurity. A cybernetics-inspired framework is structured based on existing practices and key gaps identified.
Results: Five electronic databases, namely Scopus, IEEEXplore, PubMed, DOAJ (Directory of Open Access Journals and arXiV were identified as the main data sources. A State-of-the-Art analysis has been performed to realize the limits of the devices and the machines (including the systems and their elements involved) in the healthcare domain, when these break down so that the investigation will teach us something new that is nontrivial. A highly relevant dimension in our approach for a digital forensics driven connected health landscape is based on rigorous and comprehensive feedback take-off methods, which are seemingly lacking.
Conclusion: The main point of our study is to show that while there might seem an immense multiplicity, a unity can be formulated and vice versa: where something appears as a unit, an unbounded plurality of conditions might be enclosed within it. Moving into a connected health future should be built upon existing accidents so as to mark the upcoming changes that would affect such a system.
Keywords: digital forensics, connected health, cybernetic digital investigation framework, cybersecurity.
1. K. Colorafi, ‘Connected health: a review of the literature’, mHealth, vol. 2, p. 13, Apr. 2016,
2. C. Kuziemsky, R. M. Abbas, and N. Carroll, ‘Toward a Connected Health Delivery Framework’, in 2018 IEEE/ACM International Workshop on Software Engineering in Healthcare Systems (SEHS), May 2018, pp. 46-49.
3. C. S. Pattichis and A. S. Panayides, ‘Connected Health’, Front. Digit. Health, vol. 1, p. 1, 2019,
4. C. Horan and H. Saiedian, ‘Cyber Crime Investigation: Landscape, Challenges, and Future Research Directions’, J. Cybersecurity Priv., vol. 1, no. 4, Art. no. 4, Dec. 2021,
5. S. Kumar, A. K. Bharti, and R. Amin, ‘Decentralized secure storage of medical records using Blockchain and IPFS: A comparative analysis with future directions’, Secur. Priv., vol. 4, no. 5, p. e162, 2021,
6. N. J. Podlesny, A. V. D. M. Kayem, and C. Meinel, ‘Towards Identifying De-anonymisation Risks in Distributed Health Data Silos’, in Database and Expert Systems Applications, Cham, 2019, pp. 33-43.
7. A. Adel, ‘A Conceptual Framework to Improve Cyber Forensic Administration in Industry 5.0: Qualitative Study Approach’, Forensic Sci., vol. 2, no. 1, Art. no. 1, Mar. 2022,
8. M. J. Page et al., ‘The PRISMA 2020 statement: an updated guideline for reporting systematic reviews’, BMJ, vol. 372, p. n71, Mar. 2021.
9. A. Shaaban and N. Abdelbaki, ‘Comparison Study of Digital Forensics Analysis Techniques; Findings versus Resources’, Procedia Comput. Sci., vol. 141, pp. 545-551, Jan. 2018.
10. K. Hovhannisyan, P. Bogacki, C. A. Colabuono, D. Lofù, M. V. Marabello, and B. E. Maxwell, ‘Towards a Healthcare Cybersecurity Certification Scheme’, Jun. 2021.
11. P. Kieseberg, B. Malle, P. Frühwirt, E. Weippl, and A. Holzinger, ‘A tamper-proof audit and control system for the doctor in the loop’, Brain Inform., vol. 3, no. 4, Art. no. 4, Dec. 2016.
12. J. Priisalu and R. Ottis, ‘Personal control of privacy and data: Estonian experience’, Health Technol., vol. 7, no. 4, pp. 441-451, Dec. 2017.
13. G. Grispos, W. B. Glisson, and K.-K. R. Choo, ‘Medical Cyber-Physical Systems Development: A Forensics-Driven Approach’, in 2017 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE), Jul. 2017, pp. 108-113.
14. J. King, ‘Measuring the forensic-ability of audit logs for nonrepudiation’, in 2013 35th International Conference on Software Engineering (ICSE), May 2013, pp. 1419-1422.
15. R. A. Nabha and H. Sbeyti, ‘Exploiting Vulnerabilities Of MRI Scanner Machine: Lebanon Case Study’, in 2020 8th International Symposium on Digital Forensics and Security (ISDFS), Jun. 2020, pp. 1-7.
16. G. Grispos and K. Bastola, ‘Cyber Autopsies: The Integration of Digital Forensics into Medical Contexts’, in 2020 IEEE 33rd International Symposium on Computer-Based Medical Systems (CBMS), Jul. 2020, pp. 510-513.
17. M. Savari, M. Montazerolzohour, and Y. E. Thiam, ‘Comparison of ECC and RSA algorithm in multipurpose smart card application’, in Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), Jun. 2012, pp. 49-53.
18. M. Savari, M. Montazerolzohour, and Y. E. Thiam, ‘Combining encryption methods in multipurpose smart card’, in Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), Jun. 2012, pp. 43-48.
19. M. Chernyshev, S. Zeadally, and Z. Baig, ‘Healthcare Data Breaches: Implications for Digital Forensic Readiness’, J. Med. Syst., vol. 43, no. 1, p. 7, Nov. 2018.
20. V. Malamas, T. Dasaklis, P. Kotzanikolaou, M. Burmester, and S. Katsikas, ‘A Forensics-by-Design Management Framework for Medical Devices Based on Blockchain’, in 2019 IEEE World Congress on Services (SERVICES), Jul. 2019, vol. 2642-939X, pp. 35-40.
21. H. F. Atlam, A. Alenezi, M. O. Alassafi, A. A. Alshdadi, and G. B. Wills, ‘Security, cybercrime and digital forensics for IoT’, in Intelligent Systems Reference Library, Springer International Publishing, 2019.
22. K. Kumari, S. Saha, and S. Neogy, ‘Cost Based Model for Secure Health Care Data Retrieval’, in Security in Computing and Communications, vol. 969, S. M. Thampi, S. Madria, G. Wang, D. B. Rawat, and J. M. Alcaraz Calero, Eds. Singapore: Springer Singapore, 2019, pp. 67-75.
23. A. Bruno and G. Cattaneo, ‘Experimental Analysis of the Pixel Non Uniformity (PNU) in SEM for Digital Forensics Purposes’, in Pervasive Systems, Algorithms and Networks, vol. 1080, C. Esposito, J. Hong, and K.-K. R. Choo, Eds. Cham: Springer International Publishing, 2019, pp. 313-320.
24. S. Bindahman, N. Zakaria, and N. Zakaria, ‘3D body scanning technology: Privacy and ethical issues’, in Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), Jun. 2012, pp. 150-154.
25. J. P. van Zandwijk and A. Boztas, ‘The iPhone Health App from a forensic perspective: can steps and distances registered during walking and running be used as digital evidence?’, Digit. Investig., vol. 28, pp. S126-S133, Apr. 2019.
26. A. Azfar, K.-K. R. Choo, and L. Liu, ‘Forensic Taxonomy of Popular Android mHealth Apps’, ArXiv150502905 Cs, May 2015, Accessed: Oct. 26, 2021. Online. Available: http://arxiv.org/abs/1505.02905
27. Z. A. Alhaboby et al., ‘Understanding the Cyber-Victimisation of People with Long Term Conditions and the Need for Collaborative Forensics-Enabled Disease Management Programmes’, in Cyber Criminology, H. Jahankhani, Ed. Cham: Springer International Publishing, 2018, pp. 227-250.
28. I. Baggili, J. Oduro, K. Anthony, F. Breitinger, and G. McGee, ‘Watch What You Wear: Preliminary Forensic Analysis of Smart Watches’, in 2015 10th International Conference on Availability, Reliability and Security, Aug. 2015, pp. 303-311.
29. G. Grispos, T. Flynn, W. Glisson, and K.-K. R. Choo, ‘Investigating Protected Health Information Leakage from Android Medical Applications’, ArXiv210507360 Cs, May 2021, Accessed: Oct. 27, 2021. Online. Available: http://arxiv.org/abs/2105.07360
30. H. Chi, ‘Integrate mobile devices into CS security education’, in Proceedings of the 2015 Information Security Curriculum Development Conference, New York, NY, USA, Oct. 2015, pp. 1-4.
31. C. Hassenfeldt, S. Baig, I. Baggili, and X. Zhang, ‘Map My Murder: A Digital Forensic Study of Mobile Health and Fitness Applications’, in Proceedings of the 14th International Conference on Availability, Reliability and Security, New York, NY, USA, Aug. 2019, pp. 1-12.
32. M. Akour, S. Banitaan, H. Alsghaier, and K. A. Radaideh, ‘Predicting Daily Activities Effectiveness Using Base-level and Meta level Classifiers’, in 2019 7th International Symposium on Digital Forensics and Security (ISDFS), Jun. 2019, pp. 1-7.
33. T. Flynn, G. Grispos, W. B. Glisson, and W. Mahoney, ‘Knock! Knock! Who is There? Investigating Data Leakage from a Medical Internet of Things Hijacking Attack’, Jan. 2020, Accessed: Oct. 31, 2021. Online. Available: https://shsu-ir.tdl.org/handle/20.500.11875/3199
34. S. Kim, W. Jo, J. Lee, and T. Shon, ‘AI-enabled device digital forensics for smart cities’, J. Supercomput., Jul. 2021.
35. F. Hantke and A. Dewald, ‘How can data from fitness trackers be obtained and analyzed with a forensic approach?’, in 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW), Sep. 2020, pp. 500-508.
36. Á. MacDermott, S. Lea, F. Iqbal, I. Idowu, and B. Shah, ‘Forensic Analysis of Wearable Devices: Fitbit, Garmin and HETP Watches’, in 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Jun. 2019, pp. 1-6.
37. Y. H. Yoon and U. Karabiyik, ‘Forensic Analysis of Fitbit Versa 2 Data on Android’, Electronics, vol. 9, no. 9, Art. no. 9, Sep. 2020.
38. S. Kang, S. Kim, and J. Kim, ‘Forensic analysis for IoT fitness trackers and its application’, Peer–Peer Netw. Appl., vol. 13, no. 2, pp. 564-573, Mar. 2020,
39. M. Siddiqi, S. T. Ali, and V. Sivaraman, ‘Forensic Verification of Health Data From Wearable Devices Using Anonymous Witnesses’, IEEE Internet Things J., vol. 7, no. 11, pp. 10745-10762, Nov. 2020.
40. N. Rahman and M. Thariq, ‘A digital evidence taxonomy of m-health apps in iot environment’, Jun. 2020.
41. N. Phumkaew and V. Visoottiviseth, ‘Android Forensic and Security Assessment for Hospital and Stock-and-Trade Applications in Thailand’, in 2018 15th International Joint Conference on Computer Science and Software Engineering (JCSSE), Jul. 2018, pp. 1-6.
42. Z. Zhou, A. Gaurav, B. B. Gupta, H. Hamdi, and N. Nedjah, ‘A statistical approach to secure health care services from DDoS attacks during COVID-19 pandemic’, Neural Comput. Appl., pp. 1-14, Sep. 2021.
43. W. Zhuang, Y. Shen, L. Li, C. Gao, and D. Dai, ‘Develop an Adaptive Real-Time Indoor Intrusion Detection System Based on Empirical Analysis of OFDM Subcarriers’, Sensors, vol. 21, no. 7, Art. no. 7, Jan. 2021.
44. C.-L. Hsu, W.-X. Chen, and T.-V. Le, ‘An Autonomous Log Storage Management Protocol with Blockchain Mechanism and Access Control for the Internet of Things’, Sensors, vol. 20, no. 22, Art. no. 22, Jan. 2020.
45. N. H. N. Zulkipli, A. Alenezi, and G. B. Wills, ‘IoT Forensic: Bridging the Challenges in Digital Forensic and the Internet of Things’, presented at the 2nd International Conference on Internet of Things, Big Data and Security, Oct. 2021, pp. 315-324. Accessed: Oct. 27, 2021. Online. Available: https://www.scitepress.org/PublicationsDetail.aspx?ID=fpfedOeeepw=&t=1
46. L. Lao, Z. Li, S. Hou, B. Xiao, S. Guo, and Y. Yang, ‘A Survey of IoT Applications in Blockchain Systems: Architecture, Consensus, and Traffic Modeling’, ACM Comput. Surv., vol. 53, no. 1, p. 18:1-18:32, Feb. 2020.
47. A. Kyaw, B. Cusack, and R. Lutui, ‘Digital Forensic Readiness In Wireless Medical Systems’, in 2019 29th International Telecommunication Networks and Applications Conference (ITNAC), Nov. 2019, pp. 1-6.
48. A. K. Kyaw, Z. Tian, and B. Cusack, ‘Design and Evaluation for Digital Forensic Ready Wireless Medical Systems’, in IoT Technologies for HealthCare, vol. 314, N. M. Garcia, I. M. Pires, and R. Goleva, Eds. Cham: Springer International Publishing, 2020, pp. 118-141.
49. Z. Wu, X. Qi, G. Liu, L. Fang, J. Liu, and J. Cui, ‘An extend RBAC model for privacy protection in HIS’, in 2018 6th International Symposium on Digital Forensic and Security (ISDFS), Mar. 2018, pp. 1-6.
50. M. Stoyanova, Y. Nikoloudakis, S. Panagiotakis, E. Pallis, and E. K. Markakis, ‘A Survey on the Internet of Things (IoT) Forensics: Challenges, Approaches, and Open Issues’, IEEE Commun. Surv. Tutor., vol. 22, no. 2, pp. 1191-1221, 2020.
51. A. Kumar and R. Kumar, ‘Privacy Preservation of Electronic Health Record: Current Status and Future Direction’, in Handbook of Computer Networks and Cyber Security, B. B. Gupta, G. M. Perez, D. P. Agrawal, and D. Gupta, Eds. Cham: Springer International Publishing, 2020, pp. 715-739.
52. X. Liu, X. Yuan, and J. Liu, ‘Towards Privacy-Preserving Forensic Analysis for Time-Series Medical Data’, in 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), Aug. 2018, pp. 1664-1668.
53. E. Al Alkeem, C. Y. Yeun, and M. J. Zemerly, ‘Security and privacy framework for ubiquitous healthcare IoT devices’, in 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), Dec. 2015, pp. 70-75.
54. H. Qiu, M. Qiu, M. Liu, and G. Memmi, ‘Secure Health Data Sharing for Medical Cyber-Physical Systems for the Healthcare 4.0’, IEEE J. Biomed. Health Inform., vol. 24, no. 9, pp. 2499-2505, Sep. 2020.
55. P. Agbedanu and A. D. Jurcut, ‘BLOFF: A Blockchain based Forensic Model in IoT’, ArXiv210308442 Cs, pp. 59-73, 2021.
56. J. Yuan and Y. Tian, ‘Practical Privacy-Preserving MapReduce Based K-Means Clustering Over Large-Scale Dataset’, IEEE Trans. Cloud Comput., vol. 7, no. 02, pp. 568-579, Apr. 2019.
57. I. Jayaraman and A. Stanislaus Panneerselvam, ‘A novel privacy preserving digital forensic readiness provable data possession technique for health care data in cloud’, J. Ambient Intell. Humaniz. Comput., vol. 12, no. 5, pp. 4911-4924, May 2021.
58. X. Feng, B. Onafeso, and E. Liu, ‘Investigating Big Data Healthcare Security Issues with Raspberry Pi’, in 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, Oct. 2015, pp. 2329-2334.
59. X. Feng and Y. Zhao, ‘Digital Forensics Challenges to Big Data in the Cloud’, in 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Jun. 2017, pp. 858-862.
60. H. Nguyen et al., ‘Cloud-Based Secure Logger for Medical Devices’, in 2016 IEEE First International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE), Jun. 2016, pp. 89-94.
61. A. Gehani, G. F. Ciocarlie, and N. Shankar, ‘Accountable clouds’, in 2013 IEEE International Conference on Technologies for Homeland Security (HST), Nov. 2013, pp. 403-407.
62. F. Khan, ‘A detailed study on Security breaches of Digital Forensics in Cyber Physical Systems’, in 2019 Sixth HCT Information Technology Trends (ITT), Nov. 2019, pp. 38-43.
63. A. Abdullah, H. Kaur, and R. Biswas, ‘Universal Layers of IoT Architecture and Its Security Analysis’, in New Paradigm in Decision Science and Management, Singapore, 2020, pp. 293-302.
64. J. Ibarra, H. Jahankhani, and J. Beavers, ‘Biohacking Capabilities and Threat/Attack Vectors’, in Cyber Defence in the Age of AI, Smart Societies and Augmented Humanity, H. Jahankhani, S. Kendzierskyj, N. Chelvachandran, and J. Ibarra, Eds. Cham: Springer International Publishing, 2020, pp. 117-131.
65. B. Rappert, H. Wheat, and D. Wilson-Kovacs, ‘Rationing bytes: managing demand for digital forensic examinations’, Polic. Soc., vol. 31, no. 1, pp. 52-65, Jan. 2021.
66. V. Kisekka and J. S. Giboney, ‘The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes’, J. Med. Internet Res., vol. 20, no. 4, p. e107, Apr. 2018.
67. V. Kisekka, S. Goel, and K. Williams, ‘Disambiguating Between Privacy and Security in the Context of Health Care: New Insights on the Determinants of Health Technologies Use’, Cyberpsychology Behav. Soc. Netw., vol. 24, no. 9, pp. 617-623, Sep. 2021.
68. J. A. Hodges, ‘Forensically reconstructing biomedical maintenance labor: PDF metadata under the epistemic conditions of COVID-19’, J. Assoc. Inf. Sci. Technol., Apr. 2021.
69. S. Karakus and E. Avci, ‘Application of Similarity-Based Image Steganography Method to Computerized Tomography Images’, in 2019 7th International Symposium on Digital Forensics and Security (ISDFS), Jun. 2019, pp. 1-4.
70. J. Dalins, Y. Tyshetskiy, C. Wilson, M. J. Carman, and D. Boudry, ‘Laying foundations for effective machine learning in law enforcement. Majura – A labelling schema for child exploitation materials’, Digit. Investig., vol. 26, pp. 40-54, Sep. 2018.
71. K. C. Seigfried-Spellar, ‘Assessing the Psychological Well-being and Coping Mechanisms of Law Enforcement Investigators vs. Digital Forensic Examiners of Child Pornography Investigations’, J. Police Crim. Psychol., vol. 33, no. 3, pp. 215-226, Sep. 2018.
72. T. W. Jing and R. K. Murugesan, ‘Protecting Data Privacy and Prevent Fake News and Deepfakes in Social Media via Blockchain Technology’, Commun. Comput. Inf. Sci., vol. 1347, pp. 674-684, 2021.
73. A. Bruno, G. Cattaneo, U. Ferraro Petrillo, and P. Capasso, ‘PNU Spoofing: a menace for biometrics authentication systems?’, Pattern Recognit. Lett., vol. 151, pp. 3-10, 2021.
74. N. Wiener, Cybernetics; or, Control and communication in the animal and the machine. New York: M.I.T. Press, 1961.
75. R. GLANVILLE, ‘Cybernetics: Thinking Through the Technology’, in Traditions of Systems Theory, Routledge, 2013.
76. L. Helminger and C. Rechberger, ‘Multi-Party Computation in the GDPR’, Priv. Symp. 2022 – Data Prot. Law Int. Converg. Compliance Innov. Technol. DPLICIT, 2022.
77. M. Roy, C. Chowdhury, and N. Aslam, ‘Security and Privacy Issues in Wireless Sensor and Body Area Networks’, in Handbook of Computer Networks and Cyber Security, B. B. Gupta, G. M. Perez, D. P. Agrawal, and D. Gupta, Eds. Cham: Springer International Publishing, 2020, pp. 173-200.
78. A. Vyas and S. Pal, ‘Preventing Security and Privacy Attacks in WBANs’, in Handbook of Computer Networks and Cyber Security, B. B. Gupta, G. M. Perez, D. P. Agrawal, and D. Gupta, Eds. Cham: Springer International Publishing, 2020, pp. 201-225.