Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress
Clinical Collections
Advances in Alzheimer’s

Keynote webinar | Spotlight on medication adherence

LIVE: Thursday 27th June 2024, 18:00-19:30 (CEST)
Join our expert panel to discover why you need to understand the drivers of non-adherence in your patients, and how you can optimize medication adherence in your clinics to drastically improve patient outcomes.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 5/2012

01-10-2012 | Original Paper

Threat Modeling for Electronic Health Record Systems

Author: Ahmad Almulhem

Published in: Journal of Medical Systems | Issue 5/2012

Login to get access

Abstract

The security of electronic health record (EHR) systems is crucial for their growing acceptance. There is a need for assurance that these records are securely protected from attacks. For a system as complex as an EHR system, the number of possible attacks is potentially very large. In this paper, a threat modeling methodology, known as attack tree, is employed to analyze attacks affecting EHR systems. The analysis is based on a proposed generic client-server model of EHR systems. The developed attack tree is discussed along with some system properties that enable quantitative and qualitative analysis. A list of suggested countermeasures are also highlighted.
Literature
1.
Hamilton, B., Electronic health records, 2nd edn. McGraw-Hill, 2010.
2.
3.
Hyrinen, K., Saranto, K., and Nyknen, P., Definition, structure, content, use and impacts of electronic health records: a review of the research literature. Int. J. Med. Inform. 77(5):291–304, 2008.CrossRef
4.
Anderson, R., A security policy model for clinical information systems. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy. pp. 30–43, 1996.
5.
Anderson, R., Clinical system security: interim guidelines. Br. Med. J. 312(7023):109–111, 1996.
6.
Barrows, R. C., and Clayton, P. D., Privacy, Confidentiality, and Electronic medical records. J. Am. Med. Inform. Assoc. 3(2):139–148, 1996.CrossRef
7.
Amoroso, E., Fundamentals of Computer Security Technology. Prentice Hall, 1994.
8.
Schneier, B., Attack trees—modeling security threats. Dr. Dobb’s J. 24(12):21–29, 1999.
9.
Moore, A. P., Ellison, R. J., and Linger, R. C., Attack modeling for information security and survivability. Software Engineering Institute, CarnegieMellon University, Technical Note: CMU/SEI-2001-TN-001, 2001.
10.
Beale, T., The health record why is it so hard? IMIA Yearb. Med. Inform. 2005:301–304, 2005.
11.
Health informatics electronic health record definition, scope and context, 2005.
12.
Eichelberg, M., Aden, T., Riesmeier, J., Dogac, A., and Laleci, G. B., A survey and analysis of electronic healthcare record standards. ACM Comput. Surv. 37:277–315, 2005.CrossRef
13.
Sonoda, T., Evolution of electronic medical record solutions. Fujitsu Sci. Tech. J., 47(1):19–27, 2011.
14.
MITRE Corporation. Electronic health records overview. Technical report, National Institutes of Health National Center for Research Resources, 2006.
15.
Huang, H. K., PACS and imaging informatics: Basic principles and applications, 2nd ed. Wiley, 2010.
16.
Morrison, C., Iosif, A., and Danka, M., Report on existing open-source electronic medical records. Technical Report UCAM-CL-TR-768, University of Cambridge, 2010.
17.
Liu, W., Ren, P., Zhang, Y., and xin Duan, H., Ssl-dp: a rootkit of network based ssl and tls traffic decryptor. In: Cybercrime and Trustworthy Computing Workshop (CTC), 2010, 2nd edn. pp. 29–33, 2010.
18.
Seifried, K., Attacks against ssl. Linux Magazine, 112:60–61, 2010.
19.
Dierks, T., and Rescorla, E., The transport layer security (tls) protocol version 1.2. RFC 5246, Internet Engineering Task Force, 2008.
Metadata
Title
Threat Modeling for Electronic Health Record Systems
Author
Ahmad Almulhem
Publication date
01-10-2012
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 5/2012
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-011-9770-6

Other articles of this Issue 5/2012

Journal of Medical Systems 5/2012 Go to the issue

Original Paper

Dual Function Seal: Visualized Digital Signature for Electronic Medical Record Systems

Original Paper

Classification of Juvenile Myoclonic Epilepsy Data Acquired Through Scanning Electromyography with Machine Learning Algorithms

ORIGINAL PAPER

RBAC-Matrix-Based EMR Right Management System to Improve HIPAA Compliance

Original Paper

A Privacy-Strengthened Scheme for E-Healthcare Monitoring System

Original Paper

A Generative Tool for Building Health Applications Driven by ISO 13606 Archetypes

Original Paper

Automated Detection of Dark and Bright Lesions in Retinal Images for Early Detection of Diabetic Retinopathy