Ganthan Narayana Samy

Security threats categories in healthcare information systems

This article attempts to investigate the various types of threats that exist in healthcare information systems (HIS). A study has been carried out in one of the government-supported hospitals in Malaysia.The hospital has been equipped with a Total Hospital Information System (THIS). The data collected were from three different departments, namely the Information Technology Department (ITD), the Medical Record Department (MRD), and the X-Ray Department, using in-depth structured interviews. The study identified 22 types of threats according to major threat categories based on ISO/IEC 27002 (ISO 27799:2008). The results show that the most critical threat for the THIS is power failure followed by acts of human error or failure and other technological factors. This research holds significant value in terms of providing a complete taxonomy of threat categories in HIS and also an important component in the risk analysis stage.

Threats to Health Information Security

The purpose of this paper is to identify the threats that exist in Healthcare Information Systems (HIS). The study has been carried out in three different departments namely, Information Technology Department (ITD), Medical Record Department (MRD) and X-Ray Department in one of the leading government supported hospital in Malaysia. The hospital was equipped with Total Hospital Information System (THIS) environment. The data were collected using in-depth structured interviews. The study identified 22 types of threats according to major threat categories based on ISO/IEC 27002 (ISO 27799:2008). The result shows the most critical threat for the THIS is the power failure. In addition, acts of human error or failure threat also show high frequency of occurrence. The contribution of the paper will be categorization of threats in HIS and can be used to design and implement effective security systems and policies in healthcare setting.

Information privacy concerns in electronic healthcare records: A systematic literature review

The concerns in healthcare services is needed to deal with privacy and data security risks in handling electronic healthcare records (EHR). With the limitation of the existing literature dealing with number of factors that influence information privacy concerns in EHR, the main objective of this study is to review recent studies on information privacy concerns in EHR and then also to categorize the related factors. A total of 199 articles were extracted using a predefined search string. A quality criterion was applied on this set of articles, a total of 18 articles were determined for further analysis. Nine factors were found to influence information privacy concerns. However, two factors, namely information dissemination and computer literacy were commonly revealed as factors attributing to information privacy concerns in the healthcare domain. The unit of analysis was further examined from two perspectives; healthcare practitioners and patients.

Threats Identification in Healthcare Information Systems Using Genetic Algorithm and Cox Regression

Threats to information security for healthcare information system increased tremendously. There are various factors contribute to information security threats, many researchers focused only to certain factors which interest them (e.g., virus attack). Certain factors which may be important remain unexplored. In addition, lack of tools and technologies directed to limited number of threats traced in healthcare system. Thus it introduces bias in threat analysis. This study explored the use of biological computational termed Genetic Algorithm (GAs) combined with Cox regression (CoRGA) in identifying a potential threat for healthcare system. The results show that variable described “misused of e-mail” is the major information security threats for healthcare system. Results were compared with manual analysis using the same data, and it is shows that GAs not just introducing new threats for healthcare system but it was similar with others threats proposed by previous researches.

A case study for the cloud computing security threats in a governmental organization

Cloud computing is not just a service of computing or how the computing service is delivered. It is transforming the computing landscape, which means many big technical, economic and business changes will happen. Cloud computing has emerged with a promise to decrease the cost of computing implementation and deliver the computing as service, where the client pay only for what he needed and used. On the other hand, many security concerns arise with cloud computing. This paper introduces a practical study for cloud computing security threats. This study was conducted on a real SaaS provider with more than one thousand and five hundred clients for 285 days.

Adopting and Adapting Medical Approach in Risk Management Process for Analysing Information Security Risk

Risk management process is defined as a systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk (AS/NZS ISO 31000:2009, 2009). In addition, precise security risk analysis method should provide two key advantages (Kim et al., 2007). Firstly, effective monitoring of information security policies by protecting organisations critical assets and secondly, capacity to provide appropriate information for the purpose of future prediction and for the development secured information management. However in the real world, most of the organisations do not have proper data about security breaches because they typically fail to document and systematically record the threats incidents (Bojanc and Jerman-Blazic, 2008). According to (Baker et al., 2007) stated that the lack of real data on risk factors is considered as one of the main problem in information security research. Therefore, most of the existing methods intended to estimate probability of an identified vulnerability of security breach is largely relied on guesswork or rough estimation (Baker et al., 2007; Ekelhart et al., 2009; Spears, 2006).

A framework for integrated risk management process using survival analysis approach in information security

In this paper, we attempt to introduce a new method for performing risk analysis studies by effectively utilizing the existing risk management process framework with adoptions of medical approaches namely survival analysis approach. Under survival analysis approach, a method which is known as Cox Proportional Hazards (PH) Model will be applied in order to identify potential threats to information security. The risk management process is in this research will be based on Australian/New Zealand Standard for Risk Management (AS/NZS 4360:1999). AS/NZS 4360:1999 provides a sequencing of the core part of the risk management process into sub-processes for identify context, identify risks, analyze risks, evaluate risks and treat risks. Moreover, it seems that the integration of risk management process and survival analysis indeed brings very useful new insights. Thus, the contribution of the paper will be introducing a new method for performing a risk analysis studies in information security domain.

A Conceptual Model for Privacy Preferences in Healthcare Environment

As the amount of electronic medical record (EMR) denoting its big data characteristic are being collected by several healthcare institutions increases, privacy concerns also increases. Patients need to disclose their private information in order to be diagnosed and given appropriate treatments. There are several mechanisms used today to protect patients’ personal information but there are few studies conducted from patients’ perspective. This paper highlights the literature review on privacy preferences in healthcare environment. It then, further identifies the factors that influence privacy preferences based on secondary data obtained from journals, conference papers and books. The findings of this on-going study proceed with designing a proposed conceptual model.

Novel Risk Assessment Method to Identify Information Security Threats in Cloud Computing Environment

Cloud computing model brought many technical and economic benefits, however, there are many security issues. Most of the common traditional information security risk assessment methods such as ISO27005, NIST SP800-30 and AS/NZS 4360 are not fit for the cloud computing environment. Therefore, this study applies medical research approach to assess the information security threats in the cloud computing environment. This study has been conducted as a retrospective cohort study and the collected data has been analyzed by using the survival analysis method. The study has been conducted on the software as a service (SaaS) environment that has more than one thousand and seven hundred cloud customers. The survival analysis method is used to measure the significance of the risk factor level. The information security threats have been categorized into twenty-two categories. This study has proven that the medical research approach can be used to assess the security risk assessment in cloud computing environment to overcome the weaknesses that accompany the usage of the traditional information security risk assessment methods in cloud computing environment.

A Review of Ransomware Families and Detection Methods

Ransomware has become a significant problem and its impact is getting worse. It has now become a lucrative business as it is being offered as a service. Unlike other security issues, the effect of ransomware is irreversible and difficult to stop. This research has analysed existing ransomware classifications and its detection and prevention methods. Due to the difficulty in categorizing the steps none of the existing methods can stop ransomware. Ransomware families are identified and classified from the year 1989 to 2017 and surprisingly there are not much difference in the pattern. This paper concludes with a brief discussion about the findings and future work of this research.