Mobile medical applications offer tremendous opportunities to improve quality and access to care, reduce cost, and improve individual wellness and public health. These new technologies, whether in the form of software for smartphones or as specialized devices to be worn, carried, or applied as needed, may also pose risks if they are not designed or configured with security and privacy in mind. For example, most mHealth apps for smartphones collect extensive data about a person's physiology, behavior, physical activity, and social activity, and push that data to the cloud for analysis and sharing with clinicians, researchers, family, and caregivers -- data that could be embarrassing or harmful if mis-used or obtained by malicious persons. As another example, a patient's insulin pump may accept dosage instructions from unauthorized smartphones running a spoofed application, and another patient's fertility-tracking app may be probing the Bluetooth network for its associated device, exposing her use of this app to nearby strangers. We present an overview of the security and privacy challenges posed by mobile medical applications, including projects underway in the NSF-funded Trustworthy Health and Wellness project and Amulet project.
David Kotz is the Champion International Professor in the Department of Computer Science at Dartmouth College. He served as Associate Dean of the Faculty for the Sciences for six years and as the Executive Director of the Institute for Security Technology Studies for four years. In 2013 he was appointed to the US Healthcare IT Policy Committee. His research interests include security and privacy, pervasive computing for healthcare, and wireless networks. He has published over 100 refereed journal and conference papers and obtained over $56m in grant funding. He is PI of a $10m grant from the NSF Secure and Trustworthy Cyberspace program and leads a five-university team investigating Trustworthy Health & Wellness technology (see thaw.org). He is an IEEE Fellow, a Senior Member of the ACM, a 2008 Fulbright Fellow to India, and an elected member of Phi Beta Kappa. After receiving his A.B. in Computer Science and Physics from Dartmouth in 1986, he completed his Ph.D in Computer Science from Duke University in 1991 and returned to Dartmouth to join the faculty. For more information see his personal website.