A Threat Tree for Health Information Security and Privacy

This paper begins a process of organizing knowledge of health information security threats into a comprehensive catalog.We begin by describing our risk management perspective of health information security, and then use this perspective tomotivate the development of a health information threat tree. We describe examples of three threats, breaking each downinto its key risk-related data attributes: threat source and action, the health information asset and its vulnerability, andpotential controls. The construction of such a threat catalog is argued to be useful for risk assessment and to inform publichealth care policy. As no threat catalog is ever complete, guidance for extending the health information security threat tree isgiven

Security and Privacy System Requirements for Adopting Cloud Computing in Healthcare Data Sharing Scenarios

The emerging cloud computing technology enables new essential scenarios in healthcare, in particular those of data sharing among practitioners. Nevertheless, their security and privacy concerns still impede the wide adoption of cloud computing in this area. Although there are numerous publications in the context of cloud computing in healthcare, we found no consistent typical security and privacy system requirements framework in this domain so far. Owing to the lack of those studies and preparing the ground for creating secure and privacy-friendly cloud architectures for healthcare, we survey security and privacy system requirements for cloud-based medical data sharing scenarios using two strategies. We base on a systematic design science approach following the literature-driven requirement elicitation strategy and apply an established security requirement elicitation methodology as part of the scenario-driven strategy. Finally, we evaluate and compare the two security and privacy system requirements elicitation strategies used in this paper

Cloud Computing in Healthcare – a Literature Review on Current State of Research

Nowadays, IT resources are increasingly being used in all areas of the health sector. Cloud computing offers a promising approach to satisfy the IT needs in a favorable way. Despite numerous publications in the context of cloud computing in healthcare, there is no systematic review on current research so far. This paper addresses the gap and is aimed to identify the state of research and determine the potential areas of future research in the domain. We conduct a structured literature search based on an established framework. Through clustering of the research goals of the found papers we derive research topics including developing cloud-based applications, platforms or brokers, security and privacy mechanisms, and benefit assessments for the use of cloud computing in healthcare. We hence analyze current research results across the topics and deduce areas for future research, e.g., development, validation and improvement of proposed solutions, an evaluation framework