At present, the great majority of organizations are subject to a variety of external and internal security threats, such as the manipulation and theft of critical information. Other security risks are associated with natural catastrophes and unintentional errors by computer users, which might have devastating consequences [1]. In 2013, Cisco found that 99 percent of Android devices had been targeted by mobile malware and that 71 percent of Android users had experienced almost all kinds of web-delivered malware [2]. Another article about cyber security trends and challenges found that in 2014, 64 percent of organizations suggested that their security infrastructure was updated and constantly upgraded. In 2015, however, this number fell to 59 percent [2]. This research suggests that organizations are dealing with a larger attack surface, the increasing sophistication and proliferation of attack versions, and more complexity within the system [2].
Like other organizations, healthcare organizations are at risk of information security threats. At the same time, they are urged to use and share electronic health information. They are particularly vulnerable targets for information breaches because of the importance of health information. Protecting health information therefore appears to be far more complicated than before in healthcare organizations [3].
In general, health information security deals with three aspects: protecting the confidentiality of patients' information, ensuring data integrity, and assuring data availability. Ignoring these elements could cause several problems, such as financial losses or legal issues for clinics and healthcare providers [4, 6]. By comparison, improving information security will increase the confidence of clinicians and patients, and could result in better utilization of health data [4, 5, 7].
Although many efforts have been made to classify information security threats, particularly in the healthcare sector, there are still many unknown consequences that could put the security of health information and its resources at risk [8]. The most frequent threats to information security are the unauthorized use of computers and software for illegal activities and communications. Discharged personnel can be another risk to data integrity, and to overcome this problem, users' level of access must be controlled. Additionally, data integrity can be threatened by hackers, Trojan horses and unauthorized users [5]. It is therefore essential to determine the information security risks in clinics in order to deal with the likely damage in the future. To minimize the losses caused by a range of security threats, information security risk management is required [1]. The goal of information security risk management is to protect the security of the devices that store, process, or transfer organizational information [9]. To control the risks, there should be a plan to evaluate the severity of threats and to establish the possible risks [6]. In fact, risk assessment, or risk analysis, is the first step in the risk management process [8, 9].
1. Ekelhart A., Fenz S., Neubauer T.H. AURUM: A framework for information security risk management. Proceedings of the 42nd Hawaii International Conference on System Sciences; Hawaii: U.S.A. TUM University. 2009. pp. 1–10.
2. Cisco 2014 Annual Security Report. 2014. Available from: http://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf.
3. Cisco 2016 Annual Security Report. 2016. Available from: http://signalpartners.fi/wp-content/uploads/2016/01/Cisco-security-report-2016.pdf.
4. Mehraeen E., Ayatollahi H., Ahmadi M. A study of information security in Hospital Information Systems. HIM J. 2013;10(6):779–788.
5. Donahue K., Rahman S. Healthcare IT: Is your information at risk? Int J Net Sec App. 2012;4(5):97–109.
6. Stoneburner G., Goguen A., Feringa A. Risk management guide for information technology systems. NIST SP 800-30 (USA) 2002.
7. Sharifian R., Nematollahi M., Monem H., Ebrahimi F. Investigating the HIPAA security safeguards in the HIS of teaching hospitals in Shiraz. HIM J. 2013;10(1):1–12.
8. Bakhtiyarishahri M., Zuraini I. Users as the biggest threats to security of Health Information Systems. Int J Comp Inform Tech. 2012;1(2):29–33.
9. The privacy and security gaps in health information exchanges. U.S.A. American Health Information Management Association (AHIMA) and Healthcare Information and Management Systems Society (HIMSS). AHIMA/HIMSS HIE privacy and security joint work group. 2011.