Health Care IT
This paper begins a process of organizing knowledge of health information security threats into a comprehensive catalog.We begin by describing our risk management perspective of health information security, and then use this perspective tomotivate the development of a health information threat tree. We describe examples of three threats, breaking each downinto its key risk-related data attributes: threat source and action, the health information asset and its vulnerability, andpotential controls. The construction of such a threat catalog is argued to be useful for risk assessment and to inform publichealth care policy. As no threat catalog is ever complete, guidance for extending the health information security threat tree isgiven.
Landry, Jeffrey P.; Pardue, J. Harold; Johnsten, Tom; Campbell, Matt; and Patidar, Priya, "A Threat Tree for Health Information Security and Privacy" (2011). AMCIS 2011 Proceedings - All Submissions. Paper 468.