MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data of Patients

Ammar Alkassar (1), Biljana Cubaleska (2), Hans Löhr (2), Ahmad-Reza Sadeghi (2), Christian Stüble (1), Marcel Winandy (2)

(1) Sirrix AG security technologies, Bochum, Germany
a.alkassar@sirrix.com, c.stueble@sirrix.com

(2) Ruhr-University Bochum, Germany
{biljana.cubaleska,hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

Abstract: Healthcare professionals typically use their computer systems not only for accessing patient health records, but also to connect to medical accounting and billing services as well as other services on the Internet. This raises security and privacy concerns, since client platforms may be infected by malware that manipulates data or leaks it to unauthorized parties. The project MediTrust aims to protect the medical data of patients from being leaked to unauthorized parties. We propose a security infrastructure that builds privacy protection domains and enforces them up to the end-user platforms. The usability and effectiveness of the security mechanisms will be evaluated in user studies.

I. INTRODUCTION

The use of information technology in healthcare enables new and efficient applications such as immediate access to and automatic analysis of medical data. E-health systems such as electronic health records (EHRs) are expected to decrease costs in healthcare. However, the increasing use of digital medical data, and of the computing systems that operate on these data, poses new risks with respect to security and privacy. Health professionals, such as doctors and nurses, are not trained security experts, yet they use standard computing platforms for various tasks, including accessing privacy-sensitive medical data of patients. These platforms may be vulnerable to malicious software, e.g., Trojan horses. In this context, analyses of e-health infrastructures show that the end-user systems are the least secured part [1].

II. PROJECT GOALS AND APPLICATION SCENARIO

The objective of MediTrust is to develop a usable and secure end-user platform that is able to protect sensitive medical data from being accessed or manipulated by unauthorized parties. We define the following goals:

- protecting medical data that are processed on the same computing platform together with other tasks;