Abstract
The security of electronic health record (EHR) systems is crucial for their growing acceptance. There is a need for assurance that these records are securely protected from attacks. For a system as complex as an EHR system, the number of possible attacks is potentially very large. In this paper, a threat modeling methodology, known as attack tree, is employed to analyze attacks affecting EHR systems. The analysis is based on a proposed generic client-server model of EHR systems. The developed attack tree is discussed along with some system properties that enable quantitative and qualitative analysis. A list of suggested countermeasures are also highlighted.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Hamilton, B., Electronic health records, 2nd edn. McGraw-Hill, 2010.
HIMSS Analytics. The emr adoption model. http://www.himssanalytics.org/, 2011.
Hyrinen, K., Saranto, K., and Nyknen, P., Definition, structure, content, use and impacts of electronic health records: a review of the research literature. Int. J. Med. Inform. 77(5):291–304, 2008.
Anderson, R., A security policy model for clinical information systems. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy. pp. 30–43, 1996.
Anderson, R., Clinical system security: interim guidelines. Br. Med. J. 312(7023):109–111, 1996.
Barrows, R. C., and Clayton, P. D., Privacy, Confidentiality, and Electronic medical records. J. Am. Med. Inform. Assoc. 3(2):139–148, 1996.
Amoroso, E., Fundamentals of Computer Security Technology. Prentice Hall, 1994.
Schneier, B., Attack trees—modeling security threats. Dr. Dobb’s J. 24(12):21–29, 1999.
Moore, A. P., Ellison, R. J., and Linger, R. C., Attack modeling for information security and survivability. Software Engineering Institute, CarnegieMellon University, Technical Note: CMU/SEI-2001-TN-001, 2001.
Beale, T., The health record why is it so hard? IMIA Yearb. Med. Inform. 2005:301–304, 2005.
Health informatics electronic health record definition, scope and context, 2005.
Eichelberg, M., Aden, T., Riesmeier, J., Dogac, A., and Laleci, G. B., A survey and analysis of electronic healthcare record standards. ACM Comput. Surv. 37:277–315, 2005.
Sonoda, T., Evolution of electronic medical record solutions. Fujitsu Sci. Tech. J., 47(1):19–27, 2011.
MITRE Corporation. Electronic health records overview. Technical report, National Institutes of Health National Center for Research Resources, 2006.
Huang, H. K., PACS and imaging informatics: Basic principles and applications, 2nd ed. Wiley, 2010.
Morrison, C., Iosif, A., and Danka, M., Report on existing open-source electronic medical records. Technical Report UCAM-CL-TR-768, University of Cambridge, 2010.
Liu, W., Ren, P., Zhang, Y., and xin Duan, H., Ssl-dp: a rootkit of network based ssl and tls traffic decryptor. In: Cybercrime and Trustworthy Computing Workshop (CTC), 2010, 2nd edn. pp. 29–33, 2010.
Seifried, K., Attacks against ssl. Linux Magazine, 112:60–61, 2010.
Dierks, T., and Rescorla, E., The transport layer security (tls) protocol version 1.2. RFC 5246, Internet Engineering Task Force, 2008.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Almulhem, A. Threat Modeling for Electronic Health Record Systems. J Med Syst 36, 2921–2926 (2012). https://doi.org/10.1007/s10916-011-9770-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10916-011-9770-6