A Threat Table Based Approach to Telemedicine Security i

Information security within healthcare is paramount and telemedicine applications present unique security challenges. Technology is giving rise to new and advanced telemedicine applications and understanding the security threats to these applications is needed to ensure, among other things, the privacy of patient information. This paper presents a high level analysis of a telemedicine application in order to better understand the security threats to this unique and vulnerable environment. This risk analysis is performed using the concept of threat tables. This case study focuses on the capture and representation of salient security threats in telemedicine. To analyze the security threats to an application, we present a threat modeling framework utilizing a table driven approach. Our analysis reveals that even in a highly controlled environment with static locations, the security risks posed by telemedicine applications are significant, and that using a threat table approach provides an easy-to-use and effective method for managing these threats.

[1]  Shamik Sural,et al.  Security analysis and implementation of web-based telemedicine services with a four-tier architecture , 2008, 2008 Second International Conference on Pervasive Computing Technologies for Healthcare.

[2]  Telecommunications Board For the Record: Protecting Electronic Health Information [link] , 1997 .

[3]  Alberto Riva,et al.  Web-based telemedicine systems for home-care: technical issues and experiences , 2001, Comput. Methods Programs Biomed..

[4]  Frank Swiderski,et al.  Threat Modeling , 2018, Hacking Connected Cars.

[5]  T. J. Morris,et al.  Battlefield Medical Information System-Tactical (BMIST): the application of mobile computing technologies to support health surveillance in the Department of Defense. , 2006, Telemedicine journal and e-health.

[6]  Maybin K. Muyeba,et al.  Threat Modeling Revisited: Improving Expressiveness of Attack , 2008, 2008 Second UKSIM European Symposium on Computer Modeling and Simulation.

[7]  Donn B. Parker,et al.  Toward a New Framework for Information Security , 2015 .

[8]  Samir Chatterjee,et al.  Secured video conferencing desktop client for telemedicine , 2003, Proceedings 5th International Workshop on Enterprise Networking and Computing in Healthcare Industry (HealthCom).

[9]  Qian Liu,et al.  Securing Telehealth Applications in a Web-Based e-Health Portal , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[10]  Dianxiang Xu,et al.  A threat-driven approach to modeling and verifying secure software , 2005, ASE.

[11]  Xiaoqin Zeng,et al.  Uml-Based Modeling and Analysis of Security Threats , 2010, Int. J. Softw. Eng. Knowl. Eng..

[12]  Per Hasvold,et al.  Risk analysis of information security in a mobile instant messaging and presence system for healthcare , 2007, Int. J. Medical Informatics.

[13]  P. Groot Design of a Secure Framework for the Implementation of Telemedicine , eHealth , and Wellness Services , 2022 .

[14]  Jan H. P. Eloff,et al.  A comparative framework for risk analysis methods , 1993, Comput. Secur..

[15]  Zhe Chen,et al.  A Telemedicine System over Internet , 2000, VIP.

[16]  M. E. Kabay,et al.  Computer Security Handbook , 2002 .

[17]  Vaibhav Garg,et al.  Telemedicine Security: A Systematic Review , 2011, Journal of diabetes science and technology.

[18]  Yang Xiao,et al.  Security and privacy in RFID and applications in telemedicine , 2006, IEEE Commun. Mag..

[19]  Eunseok Lee,et al.  Security based survivability risk analysis with extended HQPN , 2011, ICUIMC '11.