|This thesis presents a detailed assessment methodology for medical devices that use Bluetooth connectivity, incorporating both technical and privacy considerations. The framework, referred to as the playbook, provides a practical guide for Sykehuspartner to better evaluate and mitigate cybersecurity risks before procuring new medical technical equipment connected to applications with Bluetooth.
The evaluation of privacy and Application Programming Interface (API) security in the procurement process of medical technical equipment is addressed in the research. The study introduces a playbook divided into four sections: network traffic, Bluetooth security, terms/conditions of use, and token security. The playbook consists of questions for each section and incorporates a scoring system. The playbook also provides guidance for answering the questions. Through the use of a Man-in-the-Middle proxy and relevant documentation, suppliers can be effectively compared. The research aims to enhance privacy and security evaluations, ensuring the protection of sensitive data and promoting secure interactions within healthcare information systems.
The playbook should be improved before being used by Sykehuspartner. The playbook is not completely tested and should be improved before it can be an effective asset to Sykehuspartner in the procurement process.