Information Security Risk Assessment in Healthcare: the Experience of an Italian Paediatric Hospital

The match of research activity and paediatric healthcare services offered by the IRCCS "Burlo Garofolo", produces a complex situation especially regarding IT security. World-wide IT Security issues in the recent years have had an exponential development of problems to face. Meanwhile, risks and threats are therefore growing and so all the problems tied up to the vulnerabilities' management generating risks for the hospital security. These remarks aren't involving only the continuous fitting to the application of the current Italian Regulation, but the search of tools (technological and organizational) that may guarantee security in an effective way. This study shows how the Hospital IT Dept. is providing the adjustment of technologies and procedures to increase IT security needs and giving access to data, information and knowledge to authorized personnel. To face these challenges the Hospital IT Dept. proposed both internally developed open-source technical solutions and information security risk assessment methods.