Skip to main content



Find us on

facebook youtube flickr twitter itunes u logo

Upcoming Events

 ISTS logo

Securing the e-Campus 2017 - Exact time and dates TBD

Recent Talks

Dan Wallach

STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System

Professor Dan Wallach
Rice University
Thursday April 27, 2017
Carson L01, 5:00 PM

Ben Miller Dragos

Pandora's Power Grid - What Can State Attacks Do and What Would be the Impact?

Ben Miller
Chief Threat Officer, Dragos, Inc.
Tuesday May 2, 2017
Kemeny 007, 4:30 PM
Brendan Nyhan




Factual Echo Chambers? Fact-checking and Fake News in Election 2016.

Professor Brendan Nyhan
Dartmouth College
Thursday May 4, 2017
Rocky 001, 5:00 PM

Dickie George


Espionage and Intelligence

Professor Dickie George
Johns Hopkins University
Thursday May 11, 2017
Rocky 001, 5:00 PM

Dan Wallach

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine

Ukrainian Cybersecurity Researchers
Thursday April 6, 2017
Oopik Auditorium 5:30 PM

RIOTS logo 

Professor Sean Smith, Director of the ISTS and Bill Nisen, Associate Director, spoke at the

School House residential cluster on the Internet of Risky Things  - February 21, 2017, 5:30 PM

Craig Smith




You Don't Own Your Car
Craig Smith
Tuesday May 10, 2016 
Carson L02 @4:15

David Safford


Hardware Based Security for GE's Industrial Control Systems
David Safford
GE Global Research
Tuesday May 17, 2016
Carson L02 @4:15



"It's Fine," They Said. "Just Ship It," They Said.
Dan Tentler
The Phobos Group
Tuesday April 12, 2016 
Carson L02 @4:15

Harold Thimbleby




The Best Way to Improve Healthcare is to Improve Computers
Harold Thimbleby
Swansea University
April 23, 2015

Craig Shue




Managing User-Level Compromises in Enterprise Network
Craig Shue
Worcester Polytechnic Institute
March 31, 2015



Oct news 2015


ISTS Information Pamphlet



Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
HomeEvents >  SITH

Session Descriptions and Presentations

Conference Information

Keynote: "The ACO Model and Health Care Reform"
Presented by: Dr. Elliott Fisher, The Dartmouth Institute for Health Policy and Clinical Practice


Session 1: Security/usability of mobile, sensor and implantable technologies that monitor patient health
Moderated by: David Kotz
Panelists: Mustaque Ahamad, Tanzeem Choudhury, Sunny Consolvo, and Carl Gunter

There is potential for mobile computing and communications technologies -- “mHealth” technologies -- to improve quality of healthcare and to improve quality of life, but they also generate new security and privacy issues. For example, millions of patients benefit from programmable, implantable medical devices (IMDs) that treat chronic ailments such as cardiac arrhythmia, diabetes, and Parkinson's disease with various combinations of electrical therapy and drug infusion. Similarly, body-area networks of wearable sensors can collect continuous data about both physiological and activity data, providing the person detailed information about their health in support of various wellness applications. IMDs and wearable sensors rely on radio communication--- exposing these devices not only to safety and effectiveness risks, but also to security and privacy risks. In addition, exciting new persuasive technologies that use sensing (and sometimes activity inference) to help people self-manage aspects of their health (physical activity, nutrition, weight, sleep) increasingly are being used. However, the privacy and security implications of these devices and services are unclear—especially given that private details about one’s health and potentially mental state as well are being archived, often by providers who do not have to abide by HIPAA. How can we develop usable devices that respect patient privacy while also retaining the data quality, transmissibility and accessibility required for the health-related uses of the data?


Session 2: Security/usability of electronic health records (EHRs)
Moderated by:
Sean Smith
Doug Blough, Mark Frisse, Andrew Gettinger, and Avi Rubin

Advocates of electronic health records (EHRs) tout features such as easily sharing information between and among providers, patients and families. One necessary factor for achieving this vision is that EHR systems provide sufficient security for the information and processes involved. However, another factor, just as important, is that EHRs (with these security features) are actually usable by the practitioners, patients, managers, and other stakeholders involved – if people can't use it (or can't use it correctly), then the security (and perhaps the EHR itself) doesn't matter.

What does security MEAN in EHR? Does the traditional C-I-A rubric apply, or do we need to change priorities or add new items? Is policy as static as in traditional views of infosec? What about the costs of making the wrong security decision?

Do the security technologists really understand the domain problem – and if not, what can we do to improve communication channels? (One study of computerized HR criticized it for being designed for accountants, not for medical clinicians. The JAMA had a fascinating article on a computerized prescription-dispensing system which seemed like a great idea in the lab but failed in real medical settings; we all hear stories of enterprises with passwords written under keyboards, because that's how the end users tune the security system to make it usable. How can we avoid these problems?)

A range of EHR models are being considered (e.g., Personally Controlled Health Records from major companies such as Google, Microsoft and Walmart, versus provider-centric electronic medical records, versus hybrid systems). How does the choice of model affect security and usability?

Similarly, a range of technology solutions are being proposed (such as mobile and wireless devices exploiting Automated Identification and Data Capture and radio-frequency identification). How do these choices affect the picture?


Session 3: HIT Security and Privacy: Understanding the clinical context and stakeholder perceptions
Moderated by:
Denise Anthony
Khaled El Emam, Ross Koppel, and Helen Nissenbaum 

IT not adequately designed for or implemented in the specific clinical context of its multiple users and stakeholders may be not only ineffective, but can cause unintended errors and create security and privacy risks. Indeed, concerns about security and privacy are among key barriers to the adoption and use of IT in healthcare. Despite significant technological advances in HIT there is still too little understanding of the practices and concerns of various stakeholders, or of the specific clinical contexts in which HIT is used. This panel will discuss the clinical context of use and perceptions of stakeholders, and describe the implications of both for securing health information, as well as for the successful development, deployment and use of HIT overall.


Event Host

This workshop is hosted by the Institute for Security, Technology, and Society (ISTS) at Dartmouth College.

The Institute for Security, Technology, and Society (ISTS)

ISTS logoThe Institute for Security, Technology, and Society (ISTS) at Dartmouth College is dedicated to pursuing research and education to advance information security and privacy throughout society.

ISTS engages in interdisciplinary research, education and outreach programs that focus on information technology (IT) and its role in society, particularly the impact of IT in security and privacy broadly conceived. ISTS nurtures leaders and scholars, educates students and the community, and collaborates with its partners to develop and deploy IT, and to better understand how IT relates to socio-economic forces, cultural values and political influences. ISTS research improves our ability to:

  • Design and deploy secure, usable computer systems and protect them from tampering, disruption and attack
  • Enable people and organizations to communicate and exchange information securely and privately across networked computing devices
  • Address social, economic and policy issues that arise in the development, deployment and regulation of such information technology

The Institute manages the Trustworthy Information Systems for Healthcare (TISH) project funded by the National Science Foundation.  Dartmouth's press release on the award is available here.

Last Updated: 9/6/12