Risk management-based security evaluation model for telemedicine systems

Dong-Won Kim; Jin-Young Choi; Keun-Hee Han

doi:10.1186/s12911-020-01145-7

Risk management-based security evaluation model for telemedicine systems

BMC Med Inform Decis Mak. 2020 Jun 10;20(1):106. doi: 10.1186/s12911-020-01145-7.

Authors

Dong-Won Kim¹, Jin-Young Choi¹, Keun-Hee Han²

Affiliations

¹ Information Security Department, Korea University, Seoul, Republic of Korea.
² Information Security Department, Korea University, Seoul, Republic of Korea. khhan@formal.korea.ac.kr.

Abstract

Background: Infectious diseases that can cause epidemics, such as COVID-19, SARS-CoV, and MERS-CoV, constitute a major social issue, with healthcare providers fearing secondary, tertiary, and even quaternary infections. To alleviate this problem, telemedicine is increasingly being viewed as an effective means through which patients can be diagnosed and medications prescribed by doctors via untact Thus, concomitant with developments in information and communication technology (ICT), medical institutions have actively analyzed and applied ICT to medical systems to provide optimal medical services. However, with the convergence of these diverse technologies, various risks and security threats have emerged. To protect patients and improve telemedicine quality for patient safety, it is necessary to analyze these risks and security threats comprehensively and institute appropriate countermeasures.

Methods: The security threats likely to be encountered in each of seven telemedicine service areas were analyzed, and related data were collected directly through on-site surveys by a medical institution. Subsequently, an attack tree, the most popular reliability and risk modeling approach for systematically characterizing the potential risks of telemedicine systems, was examined and utilized with the attack occurrence probability and attack success probability as variables to provide a comprehensive risk assessment method.

Results: In this study, the most popular modelling method, an attack tree, was applied to the telemedicine environment, and the security concerns for telemedicine systems were found to be very large. Risk management and evaluation methods suitable for the telemedicine environment were identified, and their benefits and potential limitations were assessed.

Conclusion: This research should be beneficial to security experts who wish to investigate the impacts of cybersecurity threats on remote healthcare and researchers who wish to identify new modeling opportunities to apply security risk modeling techniques.

Keywords: Medical information security; Smart medical security; Telecare security; Telemedicine security.

Publication types

Research Support, Non-U.S. Gov't

MeSH terms

Betacoronavirus
COVID-19
Computer Security*
Confidentiality
Coronavirus Infections*
Delivery of Health Care
Humans
Models, Organizational
Pandemics*
Patient Safety
Pneumonia, Viral*
Reproducibility of Results
Risk Management / organization & administration*
SARS-CoV-2
Telemedicine / organization & administration*

Grants and funding

HI19C0811/Korea Health Technology R&D Project through the Korea Health Industry Development Institute (KHIDI), funded by the Ministry of Health & Welfare, Republic of Korea/International