Universiti Teknologi Malaysia Institutional Repository

Security Threats in Healthcare Information Systems: A Preliminary Study

Samy, Ganthan Narayana and Ahmad, Rabiah and Ismail, Zuraini (2008) Security Threats in Healthcare Information Systems: A Preliminary Study. In: 13th International Symposium on Health Information Management Research – ISHIMR 2008, 20-22 October, 2008, Auckland, New Zealand. (Unpublished)

Full text not available from this repository.

Abstract

The purpose of this paper is to present the potential threats that exist in healthcare information systems. Information systems security threats have increased significantly in recent years. Therefore, storing health information in electronic form raises concerns about patient’s health, privacy and safety. Similar to any information system, healthcare information systems are threatened by both accidental events and deliberate actions threats, which can severely damage health information systems’ reliability and consequently discourage professionals of future use. Furthermore, lack of adequate protection in sustaining the confidentiality, integrity and availability aspects leads for investigation to the potential threats particularly in healthcare information systems domain. Besides that, poor organization of security measures or low awareness of risk analysis practices within public and private sector especially in health care organizations also need particular attention. Further investigation to identify security threats in healthcare information systems is mandatory. Additionally, lack of “good industry practices” or standards for instance, ISO/IEC 27002 or Health Insurance Portability and Accountability Act (HIPAA) in healthcare environment is urgently required in order to protect the computerized information assets. For these reasons, a preliminary study was carried out in one of the leading government supported hospital in Malaysia. The hospital has approximately 900 inpatient beds and provides more than 20 clinical disciplines. The hospital is equipped for a Total Hospital Information System (THIS) environment. THIS is neatly designed into several modules that cover all aspects of a patient record from clinical to administrative applications. Several observations and interviews were held to gather detailed information that lead to the identification of the potential threats in THIS. The outcome of our initial study listed 17 types of threats based on major threat categories as depicted below, in table 1. The study shows the most critical threat for the THIS is the power failure. This is due to power failure of server, air-conditioning failure or interruption by service providers. Similarly, previous studies also found power failure is one of the most critical threats to healthcare information systems. Besides that, acts of human error or failure threat also show high frequency of occurrence in healthcare information systems. In addition, other category of threats also gives significant value such as technological obsolescence, hardware problems, software failures or errors, network infrastructure failures or errors and malware attacks. Thus, this paper provides a brief description and understanding of broad categories of potential threats in healthcare information systems that exist in Malaysian context. These findings will enable us to identify the overall risks in healthcare information systems and subsequently develop a sound remediation plan. Ultimately, this ongoing research work intends to develop threats identification tools using integrated approach in healthcare domain.

Item Type:Conference or Workshop Item (Paper)
Uncontrolled Keywords:Healthcare Information Systems, Risk Analysis, Threats
Divisions:Computer Science and Information System (Formerly known)
ID Code:9171
Deposited By: Harlina Abdullah @ Abd Halim
Deposited On:16 Jul 2009 03:01
Last Modified:02 Jun 2010 01:59

Repository Staff Only: item control page