Information Security Risk Assessment : An Analysis of a Medical Aid Service

Sammanfattning: Security in the healthcare sector has historically been insufficient, seeing several high-profile cyber-attacks crippling availability of equipment and vital services with demands of ransom sums, and intrusions collecting sensitive patient data en masse. For this reason, digital services intended for medical use need to be convincingly secure in order to be adopted. This report investigates how to implement sufficient information security for a system involving a digital pill organiser with mobile application connectivity intended for professional medical use. Each component of the currently-indevelopment Dosis Pro system is systematically evaluated in order to assess which security measures need to be taken for the service to be considered adequately secure. The analysis is structured around the ISO IEC 27001:2013 guidelines, and potential solutions are suggested on a per-component basis based on a broad literature study in related research. The result is practical solutions for 19 highlighted problem areas, which should achieve a reasonable level of security overall in combination with the careful data flow of the service. Further, to achieve an exceptionally secure system it is advisable to test the solutions on a complete system, and continuously carry out similar evaluations and improve its design throughout several years of operation.