Threat Modeling of Electronic Health Systems and Mitigating Countermeasures

Abstract

Electronic health systems (EHS) serve as information management systems for health records of patients which are various data generated from interactions between patients and medical personnel. The security of electronic health system is vital due to the growing acceptance of their use. There is a need to assure users that the data generated and stored on the EHS are protected from adversaries. In the case where the data is already compromised, it is imperative to locate the source of the threat as quickly as possible and implement appropriate countermeasures against such vulnerabilities starting from the highest vulnerable point to lower vulnerabilities. In this study, a threat security model for the EHS was proposed from identified threats which were then discussed. Based on these threats, possible counter measures for authentication and authorization control were highlighted. The threat model was developed through a procedure that guarantees the integrity, availability and confidentiality of health records. The procedure involves using the STRIDE threat modelling tool to identify potential threats which were then ranked with respect to the amount of risk they pose to the system based on scores calculated using DREAD; a threat-risk rating model. The result is a collection of identified and rated threat in order of decreasing risk to an EHS. Careful consideration of the resulting threat rating model by information system security professional will lead to the development of secure systems and provide a guide to the order in which vulnerabilities should be patched in compromised existing systems.