Mobile devices and the Internet of Things (IoT) are revolutionizing today’s digital sectors, including healthcare. eHealth services delivery enables integrated mHealth care and informed-decision making for emergency medical services, especially in the event of disasters when every second could mean the difference between life or death. The risk of cyber-attacks directed to mHealth applications can compromise the availability and integrity of patient information, crippling care mobility and sometimes threatening patients’ lives if decisions are made based on invalid information. Such risks can be treated by considering appropriate information security controls at the early stages of the mobile Application (mApp) development lifecycle for mHealth model of care. However, most developers consider security at a later stage, and even if they do, there is a lack of an appropriate tool to help them represent security requirements in design models. This has proven to be bad practice, resulting in insecure mApp development. This paper aims to bridge this gap by equipping analysts with the tool necessary to identify risks and treat them while designing the application. Therefore, we propose the approach referred to as Internet of Things Security Modelling (IoTsecM) for mApp security modelling in mHealth. IoTsecM is a UML extension to model identified security controls against possible attacks to guarantee the existence of a security analysis and security mechanisms. Results show that IoTsecM, first, allows mHealth designers to apply and depict non-functional security requirements with the functional requirements. Second, its annotation illustrates meaningful information security requirements at early design stages as part of the mHealth application development lifecycle and not afterwards.

mHealth, mobile application design, information security, internet of things, modelling, UML, SysML, UML extension, security controls, disaster management