Cargando…

Information Security Risk Assessment in Hospitals

BACKGROUND: To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. OBJECTIVE: The aim of this st...

Descripción completa

Detalles Bibliográficos
Autores principales: Ayatollahi, Haleh, Shagerdi, Ghazal
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Bentham Open 2017
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5688383/
https://www.ncbi.nlm.nih.gov/pubmed/29204226
http://dx.doi.org/10.2174/1874431101711010037
Descripción
Sumario:BACKGROUND: To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. OBJECTIVE: The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. METHOD: This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). RESULTS: The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). CONCLUSION: The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.