Published in:
01-10-2012 | Original Paper
Threat Modeling for Electronic Health Record Systems
Author:
Ahmad Almulhem
Published in:
Journal of Medical Systems
|
Issue 5/2012
Login to get access
Abstract
The security of electronic health record (EHR) systems is crucial for their growing acceptance. There is a need for assurance that these records are securely protected from attacks. For a system as complex as an EHR system, the number of possible attacks is potentially very large. In this paper, a threat modeling methodology, known as attack tree, is employed to analyze attacks affecting EHR systems. The analysis is based on a proposed generic client-server model of EHR systems. The developed attack tree is discussed along with some system properties that enable quantitative and qualitative analysis. A list of suggested countermeasures are also highlighted.