Threat Modeling for Electronic Health Record Systems

被引:15
作者
Almulhem, Ahmad [1 ]
机构
[1] King Fahd Univ Petr & Minerals, Dept Comp Engn, Dhahran 31261, Saudi Arabia
来源
JOURNAL OF MEDICAL SYSTEMS | 2012年 / 36卷 / 05期
关键词
Electronic health record; EHR; Electronic medical record; EMR; Attack tree; Threat model;
D O I
10.1007/s10916-011-9770-6
中图分类号
R19 [保健组织与事业(卫生事业管理)];
学科分类号
摘要
The security of electronic health record (EHR) systems is crucial for their growing acceptance. There is a need for assurance that these records are securely protected from attacks. For a system as complex as an EHR system, the number of possible attacks is potentially very large. In this paper, a threat modeling methodology, known as attack tree, is employed to analyze attacks affecting EHR systems. The analysis is based on a proposed generic client-server model of EHR systems. The developed attack tree is discussed along with some system properties that enable quantitative and qualitative analysis. A list of suggested countermeasures are also highlighted.
引用
收藏
页码:2921 / 2926
页数:6
相关论文
共 19 条
[11]   A survey and analysis of Electronic Healthcare Record standards [J].
Eichelberg, M ;
Aden, T ;
Riesmeier, J ;
Dogac, A ;
Laleci, GB .
ACM COMPUTING SURVEYS, 2005, 37 (04) :277-315
[12]  
Hamilton B., 2010, ELECT HLTH RECORDS
[13]   Definition, structure, content, use and impacts of electronic health records:: A review of the research literature [J].
Hayrinen, Kristiina ;
Saranto, Kaija ;
Nykanen, Pirkko .
INTERNATIONAL JOURNAL OF MEDICAL INFORMATICS, 2008, 77 (05) :291-304
[14]  
MITRE Corporation, 2006, D91 SECURESCM
[15]  
Morrison C., 2010, UCAMCLTR768
[16]  
Schneier B, 1999, DR DOBBS J, V24, P21
[17]  
Seifried K., 2010, LINUX MAGAZINE, V112, P60
[18]  
Sonoda T, 2011, FUJITSU SCI TECH J, V47, P19
[19]  
Wu Liu, 2010, Proceedings Second Cybercrime and Trustworthy Computing Workshop (CTC 2010), P29, DOI 10.1109/CTC.2010.15
12