Abstract
The security of electronic health record (EHR) systems is crucial for their growing acceptance. There is a need for assurance that these records are securely protected from attacks. For a system as complex as an EHR system, the number of possible attacks is potentially very large. In this paper, a threat modeling methodology, known as attack tree, is employed to analyze attacks affecting EHR systems. The analysis is based on a proposed generic client-server model of EHR systems. The developed attack tree is discussed along with some system properties that enable quantitative and qualitative analysis. A list of suggested countermeasures are also highlighted.
| Original language | English |
|---|---|
| Pages (from-to) | 2921-2926 |
| Number of pages | 6 |
| Journal | Journal of Medical Systems |
| Volume | 36 |
| Issue number | 5 |
| DOIs | |
| State | Published - Oct 2012 |
Keywords
- Attack tree
- EHR
- EMR
- Electronic health record
- Electronic medical record
- Threat model
ASJC Scopus subject areas
- Medicine (miscellaneous)
- Information Systems
- Health Informatics
- Health Information Management