Information Security Risk Assessment in Hospitals-Reference-Cited by-同舟云学术

Information Security Risk Assessment in Hospitals

Published:2017-09-14 Issue:1 Volume:11 Page:37-43
ISSN:1874-4311
Container-title:The Open Medical Informatics Journal
language:en
Short-container-title:TOMINFOJ

Author:

Ayatollahi Haleh,Shagerdi Ghazal

Abstract

Background: To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. Objective: The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. Method: This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). Results: The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). Conclusion: The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

Publisher

Bentham Science Publishers Ltd.

Link

https://openmedicalinformaticsjournal.com/contents/volumes/V11/TOMINFOJ-11-37/TOMINFOJ-11-37.pdf

Reference30 articles.

1. Ekelhart A, Fenz S, Neubauer TH. AURUM: A framework for information security risk management. Hawaii: U.S.A. TUM University. 2009; pp. In: Proceedings of the 42nd Hawaii International Conference on System Sciences; 1-10.

2. Hartwig RP, Wilkinson C. Cyber Risk: Threat and opportunity 2015. Available from: http://www.iii.org/sites/default/files/docs/pdf/cyber_risk_wp_final_102015.pdf

3. Cisco 2014 Annual Security Report 2014. Available from: http://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf

4. Cisco 2016 Annual Security Report 2016. Available from: http://signalpartners.fi/wp-content/uploads/2016/01/Cisco-security-report-2016.pdf

5. Mehraeen E, Ayatollahi H, Ahmadi M. A study of information security in Hospital Information Systems. HIM J 2013; 10 (6) : 779-88.

Cited by 16 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. RISK MANAGEMENT IN MEDICINE: THE PROCESS OF IDENTIFICATION, ASSESSMENT AND CONTROL OF RISKS IN MEDICAL PRACTICE;AD ALTA: Journal of Interdisciplinary Research;2024-01-31

2. dfg de7u e57u 67 u5u t ystfdht rs hj etj rj rwyj r jyj qr ry jqr;Revista de Gestão e Secretariado;2023-12-05

3. Cybersecurity interventions in low- and middle-income country healthcare organizations: A scoping review (Preprint);2023-03-15

4. Cybersecurity interventions in low- and middle-income country healthcare organizations: A scoping review (Preprint);Journal of Medical Internet Research;2023-03-15

5. The Breach is Dead, Long Live the Breach: A Spatial Temporal Study of Healthcare Data Breaches;Science, Engineering Management and Information Technology;2023