Investigating Protected Health Information Leakage from Android Medical Applications

George Grispos; Talon Flynn; William Bradley Glisson; Kim Kwang Raymond Choo

doi:10.1007/978-3-030-78459-1_23

Investigating Protected Health Information Leakage from Android Medical Applications

George Grispos, Talon Flynn, William Bradley Glisson, Kim Kwang Raymond Choo

School of Interdisciplinary Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Scopus citations

Abstract

As smartphones and smartphone applications are widely used in a healthcare context (e.g., remote healthcare), these devices and applications may need to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. In other words, adequate safeguards to protect the user’s sensitive information (e.g., personally identifiable information and/or medical history) are required to be enforced on such devices and applications. In this study, we forensically focus on the potential of recovering residual data from Android medical applications, with the objective of providing an initial risk assessment of such applications. Our findings (e.g., documentation of the artifacts) also contribute to a better understanding of the types and location of evidential artifacts that can, potentially, be recovered from these applications in a digital forensic investigation.

Original language	English (US)
Title of host publication	Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 5th EAI International Conference, FABULOUS 2021, Proceedings
Editors	Dragan Perakovic, Lucia Knapcikova
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	311-322
Number of pages	12
ISBN (Print)	9783030784584
DOIs	https://doi.org/10.1007/978-3-030-78459-1_23
State	Published - 2021
Event	5th EAI International Conference on Future Access Enablers for Ubiquitous and Intelligent Infrastructures, FABULOUS 2021 - Virtual, Online Duration: May 6 2021 → May 7 2021

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	382
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	5th EAI International Conference on Future Access Enablers for Ubiquitous and Intelligent Infrastructures, FABULOUS 2021
City	Virtual, Online
Period	5/6/21 → 5/7/21

Keywords

Information leakage
Medical device
Mobile phone
Privacy
Protected Health Information
Security

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-030-78459-1_23

Cite this

Grispos, G., Flynn, T., Glisson, W. B., & Choo, K. K. R. (2021). Investigating Protected Health Information Leakage from Android Medical Applications. In D. Perakovic, & L. Knapcikova (Eds.), Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 5th EAI International Conference, FABULOUS 2021, Proceedings (pp. 311-322). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 382). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-78459-1_23

Investigating Protected Health Information Leakage from Android Medical Applications. / Grispos, George; Flynn, Talon; Glisson, William Bradley et al.
Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 5th EAI International Conference, FABULOUS 2021, Proceedings. ed. / Dragan Perakovic; Lucia Knapcikova. Springer Science and Business Media Deutschland GmbH, 2021. p. 311-322 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 382).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Grispos, G, Flynn, T, Glisson, WB & Choo, KKR 2021, Investigating Protected Health Information Leakage from Android Medical Applications. in D Perakovic & L Knapcikova (eds), Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 5th EAI International Conference, FABULOUS 2021, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 382, Springer Science and Business Media Deutschland GmbH, pp. 311-322, 5th EAI International Conference on Future Access Enablers for Ubiquitous and Intelligent Infrastructures, FABULOUS 2021, Virtual, Online, 5/6/21. https://doi.org/10.1007/978-3-030-78459-1_23

Grispos G, Flynn T, Glisson WB, Choo KKR. Investigating Protected Health Information Leakage from Android Medical Applications. In Perakovic D, Knapcikova L, editors, Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 5th EAI International Conference, FABULOUS 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 311-322. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-030-78459-1_23

Grispos, George ; Flynn, Talon ; Glisson, William Bradley et al. / Investigating Protected Health Information Leakage from Android Medical Applications. Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 5th EAI International Conference, FABULOUS 2021, Proceedings. editor / Dragan Perakovic ; Lucia Knapcikova. Springer Science and Business Media Deutschland GmbH, 2021. pp. 311-322 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{af483ed8d690409cb83194438be89d2c,

title = "Investigating Protected Health Information Leakage from Android Medical Applications",

abstract = "As smartphones and smartphone applications are widely used in a healthcare context (e.g., remote healthcare), these devices and applications may need to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. In other words, adequate safeguards to protect the user{\textquoteright}s sensitive information (e.g., personally identifiable information and/or medical history) are required to be enforced on such devices and applications. In this study, we forensically focus on the potential of recovering residual data from Android medical applications, with the objective of providing an initial risk assessment of such applications. Our findings (e.g., documentation of the artifacts) also contribute to a better understanding of the types and location of evidential artifacts that can, potentially, be recovered from these applications in a digital forensic investigation.",

keywords = "Information leakage, Medical device, Mobile phone, Privacy, Protected Health Information, Security",

author = "George Grispos and Talon Flynn and Glisson, {William Bradley} and Choo, {Kim Kwang Raymond}",

note = "Funding Information: Acknowledgments. This research was financially supported by the Nebraska Research Initiative (NRI). The statements, opinions, and content included in this publication do not necessarily reflect the position or the policy of the NRI, and no official endorsement should be inferred. Publisher Copyright: {\textcopyright} 2021, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.; 5th EAI International Conference on Future Access Enablers for Ubiquitous and Intelligent Infrastructures, FABULOUS 2021 ; Conference date: 06-05-2021 Through 07-05-2021",

year = "2021",

doi = "10.1007/978-3-030-78459-1_23",

language = "English (US)",

isbn = "9783030784584",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "311--322",

editor = "Dragan Perakovic and Lucia Knapcikova",

booktitle = "Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 5th EAI International Conference, FABULOUS 2021, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Investigating Protected Health Information Leakage from Android Medical Applications

AU - Grispos, George

AU - Flynn, Talon

AU - Glisson, William Bradley

AU - Choo, Kim Kwang Raymond

N1 - Funding Information: Acknowledgments. This research was financially supported by the Nebraska Research Initiative (NRI). The statements, opinions, and content included in this publication do not necessarily reflect the position or the policy of the NRI, and no official endorsement should be inferred. Publisher Copyright: © 2021, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.

PY - 2021

Y1 - 2021

N2 - As smartphones and smartphone applications are widely used in a healthcare context (e.g., remote healthcare), these devices and applications may need to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. In other words, adequate safeguards to protect the user’s sensitive information (e.g., personally identifiable information and/or medical history) are required to be enforced on such devices and applications. In this study, we forensically focus on the potential of recovering residual data from Android medical applications, with the objective of providing an initial risk assessment of such applications. Our findings (e.g., documentation of the artifacts) also contribute to a better understanding of the types and location of evidential artifacts that can, potentially, be recovered from these applications in a digital forensic investigation.

AB - As smartphones and smartphone applications are widely used in a healthcare context (e.g., remote healthcare), these devices and applications may need to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. In other words, adequate safeguards to protect the user’s sensitive information (e.g., personally identifiable information and/or medical history) are required to be enforced on such devices and applications. In this study, we forensically focus on the potential of recovering residual data from Android medical applications, with the objective of providing an initial risk assessment of such applications. Our findings (e.g., documentation of the artifacts) also contribute to a better understanding of the types and location of evidential artifacts that can, potentially, be recovered from these applications in a digital forensic investigation.

KW - Information leakage

KW - Medical device

KW - Mobile phone

KW - Privacy

KW - Protected Health Information

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85111426556&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85111426556&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-78459-1_23

DO - 10.1007/978-3-030-78459-1_23

M3 - Conference contribution

AN - SCOPUS:85111426556

SN - 9783030784584

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 311

EP - 322

BT - Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 5th EAI International Conference, FABULOUS 2021, Proceedings

A2 - Perakovic, Dragan

A2 - Knapcikova, Lucia

PB - Springer Science and Business Media Deutschland GmbH

T2 - 5th EAI International Conference on Future Access Enablers for Ubiquitous and Intelligent Infrastructures, FABULOUS 2021

Y2 - 6 May 2021 through 7 May 2021

ER -

Investigating Protected Health Information Leakage from Android Medical Applications

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this