{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T06:44:20Z","timestamp":1781333060682,"version":"3.54.1"},"reference-count":28,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2017,2,24]],"date-time":"2017-02-24T00:00:00Z","timestamp":1487894400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>Security has been an issue of contention in healthcare. The lack of familiarity and poor implementation of security in healthcare leave the patients\u2019 data vulnerable to attackers. The main issue is assessing how we can provide security in an RPM infrastructure. The findings in literature show there is little empirical evidence on proper implementation of security. Therefore, there is an urgent need in addressing cybersecurity issues in medical devices. Through the review of relevant literature in remote patient monitoring and use of a Microsoft threat modelling tool, we identify and explore current vulnerabilities and threats in IEEE 11073 standard devices to propose a new security framework for remote patient monitoring devices. Additionally, current RPM devices have a limitation on the number of people who can share a single device, therefore, we propose the use of NFC for identification in Remote Patient Monitoring (RPM) devices for multi-user environments where we have multiple people sharing a single device to reduce errors associated with incorrect user identification. We finally show how several techniques have been used to build the proposed framework.<\/jats:p>","DOI":"10.3390\/computers6010011","type":"journal-article","created":{"date-parts":[[2017,2,24]],"date-time":"2017-02-24T06:07:21Z","timestamp":1487916441000},"page":"11","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":35,"title":["Exploring a New Security Framework for Remote Patient Monitoring Devices"],"prefix":"10.3390","volume":"6","author":[{"given":"Brian","family":"Ondiege","sequence":"first","affiliation":[{"name":"Department of Computer Science, College of Engineering, Design and Physical Sciences, Brunel University London, London UB8 3PH, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Malcolm","family":"Clarke","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Engineering, Design and Physical Sciences, Brunel University London, London UB8 3PH, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Glenford","family":"Mapp","sequence":"additional","affiliation":[{"name":"Department of Computer Science, School of Science and Technology, Middlesex University London, London NW4 4BT, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2017,2,24]]},"reference":[{"key":"ref_1","unstructured":"Cafazzo, J.A., Leonard, K., Easty, A.C., Rossos, P.G., and Chan, C.T. (2009). Electronic Healthcare, Springer."},{"key":"ref_2","unstructured":"Food and Drug Administration (FDA) (2013). FDA Content of Premarket Submissions for Management of Cybersecurity in Medical Devices."},{"key":"ref_3","unstructured":"Norse SANS Institute Health Care Cyberthreat Report: Widespread Compromises Detected, Compliance Nightmare on Horizon. Available online: https:\/\/www.sans.org\/reading-room\/whitepapers\/analyst\/health-care-cyberthreat-report-widespread-compromises-detected-compliance-nightmare-horizon-34735."},{"key":"ref_4","unstructured":"GS1 Global Standards Pave the Way for Unique Device Identification (UDI). Available online: http:\/\/www.gs1.org\/docs\/healthcare\/GS1_UDI_Position_Paper.pdf."},{"key":"ref_5","unstructured":"Jacob, J.A. Hackers Could Threaten Home Health Monitoring Devices. Available online: http:\/\/www.healthbizdecoded.com\/2013\/09\/hackers-could-threaten-home-health-monitoring-devices."},{"key":"ref_6","unstructured":"Fadilpa\u0161i\u0107, S. NHS Trusts Lack Cyber-Attack Protection. Available online: http:\/\/www.itproportal.com\/2015\/12\/08\/nhs-trusts-lack-cyber-attack-protection\/#ixzz46ejhsgiS."},{"key":"ref_7","unstructured":"Food and Drug Administration (FDA) (2016). Postmarket Management of Cybersecurity in Medical Devices Draft Guidance for Industry and Food and Drug Administration Staff."},{"key":"ref_8","unstructured":"Doctors Remote Patient Monitoring: Real-Time Patient Data, Real Liability Risks. Available online: http:\/\/www.thedoctors.com\/KnowledgeCenter\/PatientSafety\/articles\/Remote-Patient-Monitoring-Real-Time-Patient-Data-Real-Liability-Risks."},{"key":"ref_9","unstructured":"HIPPA Health Insurance Portability and Accountability Act of 1996, Available online: https:\/\/www.healthit.gov\/sites\/default\/files\/rules-regulation\/health-insurance-portability.pdf."},{"key":"ref_10","unstructured":"Data Protection Act 1998, Available online: http:\/\/www.legislation.gov.uk\/UKPGA\/1998\/29\/contents."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"768","DOI":"10.1177\/193229681100500331","article-title":"Telemedicine security: A systematic review","volume":"5","author":"Garg","year":"2011","journal-title":"J. Diabetes Sci. Technol."},{"key":"ref_12","unstructured":"Continua Health Alliance (2008). Recommendations for Proper User Identification in Continua Version 1\u2014PAN and xHR Interfaces, Continua Health Alliance."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ondiege, B., Clarke, M., and Mapp, G. (2016, January 1\u20133). Exploring Security of Remote Patient Monitoring Devices Using NFC Technology for Identification of the Frail Elderly. Proceedings of the 8th International Conference e-Health, Funchal, Portugal.","DOI":"10.3390\/computers6010011"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Vavilis, S., Petkovi, M., and Zannone, N. (2012, January 27\u201328). Impact of ICT on Home Healthcare. Proceedings of the IFIP International Conference on Human Choice and Computers (HCC 2012), Amsterdam, The Netherlands.","DOI":"10.1007\/978-3-642-33332-3_11"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Kliem, A., H\u00e4nsel, J., Hovestadt, M., John, M., and Kao, O. (2011, January 5\u20139). Towards self-organization of networked medical devices. Proceedings of the IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), Toulouse, France.","DOI":"10.1109\/ETFA.2011.6059230"},{"key":"ref_16","unstructured":"Ondiege, B., and Clarke, M. (2014, January 10\u201312). Healthcare Professionals Perception on Information Security. Proceedings of the 5th International Conference on Internet Technologies & Society, Taipei, Taiwan."},{"key":"ref_17","unstructured":"IEEE Standards on Cybersecurity. Available online: http:\/\/theinstitute.ieee.org\/benefits\/standards\/ieee-standards-on-cybersecurity."},{"key":"ref_18","unstructured":"Part 10103: Nomenclature\u2014Implantable device, cardiac. Available online: https:\/\/shop.austrian-standards.at\/Preview.action;jsessionid=BD0A395AEB0CBA9629F4007A60E72462?preview=&dokkey=521755&selectedLocale=en."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"142","DOI":"10.1161\/01.HYP.0000150859.47929.8e","article-title":"AHA Scientific Statement: Recommendations for blood pressure measurement in humans and experimental animals, part 1: Blood pressure measurement in humans","volume":"45","author":"Pickering","year":"2005","journal-title":"Hypertension"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Petkovi\u0107, M. (2009, January 7\u20139). Remote Patient Monitoring: Information Reliability Challenges. Proceedings of the 9th International Conference on Telecommunication in Modern Satellite, Cable, and Broadcasting Services (TELSIKS \u201909), Nis, Serbia.","DOI":"10.1109\/TELSKS.2009.5339520"},{"key":"ref_21","unstructured":"Gibbs, M., and Quillen, H. The Medical-Grade Network: Helping Transform Healthcare. Available online: http:\/\/www.cisco.com\/web\/strategy\/docs\/healthcare\/07CS1034_HC_Whitepaper_r5.pdf."},{"key":"ref_22","unstructured":"OWASP Category: Threat Modelling. Available online: https:\/\/www.owasp.org\/index.php\/Category:Threat_Modeling."},{"key":"ref_23","unstructured":"(2008). SDL Threat Modeling Tool, Microsoft Corporation. version 3."},{"key":"ref_24","first-page":"44","article-title":"A Conceptual framework for secure mobile health","volume":"11","author":"Pah","year":"2013","journal-title":"J. Int. Soc. Telemed. eHealth"},{"key":"ref_25","unstructured":"Patient Privacy in a Mobile World: A Framework to Address Privacy Law Issues in Mobile Health. Available online: http:\/\/www.trust.org\/contentAsset\/raw-data\/03172beb-0f11-438e-94be-e02978de3036\/file."},{"key":"ref_26","unstructured":"Gerdes, M., and Fensli, R. (2015, January 15\u201317). End-to-end Security and Privacy Protection for Co-operative Access to Health and Care Data in a Telehealth Trial System for Remote Supervision of COPD-Patients. Proceedings of the 13th Scandinavian Conference on Health Informatics, Troms\u00f8, Norway."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Mapp, G., Aiash, M., Ondiege, B., and Clarke, M. (2014, January 7\u201311). Exploring a New Security Framework for Cloud Storage Using Capabilities. Proceedings of the IEEE 8th International Symposium on Service Oriented System Engineering (SOSE), Oxford, UK.","DOI":"10.1109\/SOSE.2014.69"},{"key":"ref_28","unstructured":"NHS Information Governance (2008). Guidelines on Use of Encryption to Protect Person Identifiable and Sensitive Information."}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/6\/1\/11\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:29:04Z","timestamp":1760207344000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/6\/1\/11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,2,24]]},"references-count":28,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2017,3]]}},"alternative-id":["computers6010011"],"URL":"https:\/\/doi.org\/10.3390\/computers6010011","relation":{},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,2,24]]}}}