Analysing Information Security amidst the Implementation of Implantable Medical Devices in Norwegian Healthcare
Abstract
Implantable medical devices (IMDs) are an electronic medical device that is implanted partly or withing a human body to treat and monitor medical conditions. Modern IMDs have more computing power and are more interconnected. The use of IMDs have been very beneficial for effective patient treatment for the healthcare and have improved the quality of life for the users. Though IMDs being truly beneficial, it also comes with a cost. More computing power and interconnectivity leads to vulnerabilities and cybersecurity risks. Research have identified serious security and privacy risks in the use of IMDs and have expressed serious concerns. This thesis takes a new research approach to analyse and understand the environment IMDs are used.
This research analyses information security for the implementation process of IMDs in the Norwegian healthcare. Based on the collected data, resulted in a focus on insulin pumps and continuous glucose monitoring (CGM) domain of IMDs. The research uses the lens of contradiction management for the implementation of IMDs. Using process theory and stage modelling to build a stage-model to enrich the understanding of the implementation process. Using the stage-model and contradictions management if was possible to identify when and where challenges for implementation occur and see how they are solved. The goal of this research approach was to research the domain of IMDs from a new perspective. Potential revealing new insights and confirm or contrary existing literature.
The result discovered several contradictions that was solved during the implementation. The contradictions main topics was data storage and processing, information security and use of CGM applications. Implications showed that contradictions solved related directly to healthcare and end-users had a tendency to have lower information security outcome that strictly “IT”-contradictions. The findings also correlated with the literature of privacy concerns and the complexity of environment IMDs are used make is hard to apply effective theoretical information security and cybersecurity solutions.
Raising cybersecurity awareness for stakeholders for IMDs can help improve the information security and cybersecurity. Assist manufactures, healthcare personnel, patients and end-users to take educated choices to reduces unwanted information security and cybersecurity incidents. Regulations influenced choices during implementation, and future improvements in regulations can potentially lead to enhancing information security and cybersecurity for IMDs. The thesis concluding continuous research and work in the domain will enhance the information security and cybersecurity for IMDs.