Design and implementation of a secure medical storage and inventory system

Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Security and Cloud Computing
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Digitalization is revolutionizing the future of healthcare in many different ways. One of the areas that are changing is the way the medication supply chain is managed. The goal of this thesis is to develop a smart system, called drug safe, for the storage and inventory of pharmaceutical preparations. The system will be used in pharmacies and in hospitals for storing narcotic drugs. In addition to being a locked safe, the smart storage system keeps track of the usage of the medications. The system enables automatic checks and audits on correct usage. The inventory system warns about low inventory and prioritizes the order of taking out packages to avoid the expiry of medications. The easy-to-use access control removes the need to share keys and ensures accurate logging of access. It saves the pharmacist’s or nurse’s time by automatically filling the drug card and re- duces human errors and omissions in the bookkeeping. The logging mechanism discourages misuse and enables forensic analysis of any suspected cases of theft. The inventory system includes the big physical metal safe with separate drawers, Raspberry Pi controller with a touch screen for interaction with users, lock control unit for software-based control of the locked drawers, bar code reader to validate medications. The backend solution for inventory database, logging, and system management is based on Google Cloud Platform services, Node.js and Python. A web application makes it possible to create reservations, generate reports, check inventory, and view logs. The most important goal of the project is to keep both the controlled medications and the customer data safe and secure. The critical features of the system are the protection of the customer’s or patient’s personal data when it is stored in the system and secure event logging to a cloud platform that focuses on the integrity of the logs. Each of these topics is discussed in separate chapters of the thesis. Moreover, the evaluation part of the thesis includes a systematic threat and risk analysis of the system. In the thesis project, the author has designed and implemented the software for the drug safe product, including the safe controller, web application, and backend services. The project spans from the initial design to delivery to the first customers.
Aura, Tuomas
Thesis advisor
Paukkeri, Kari
medication storage and inventory, cybersecurity, threat model, secure logging, medical data protection, risk analysis
Other note