The adoption of decentralized technologies in healthcare introduces new opportunities for secure, patient-centered data management but also brings significant privacy and security challenges. This paper presents a threat modeling approach applied to a Web3-based healthcare platform that integrates blockchain for access logging, a FHIR-compliant server for clinical data, and a backend for identity and access management. Using the LINDDUN privacy threat modeling framework and OWASP Threat Dragon, we identified and prioritized privacy risks based on system architecture and data flows. The results show that threat modeling can provide early insights into regulatory compliance, data exposure, and user privacy concerns. This process can be viewed as a foundational step in the development of digital health systems. While the analysis was focused on a specific use case, the methodology is adaptable to a wide range of applications handling sensitive personal data.
Dinis et al. (Thu,) studied this question.