Threat Model for Secure Health Care Data Using EMR, EHR and Health Monitoring Devices

Abstract

The main aim of this project is to propose a threat modeling framework that promotes the security of health care services. The threat model is used to analyze the cyber threats that makes the electronic health monitoring devices vulnerable to a cyber-attack. The model also helps in strengthening the security of the software-based web applications like EMR and EHR used in a health care organization. The information assets are identified and the threat agents are eliminated considering the software, web application and monitoring devices as attack surface. The major goal of this threat model is to analyze and establish the trust boundaries in the OpenEMR that render a secure data transmission. We use a STRIDE threat model and a DFD based approach using the OWASP threat modeling tool. The SIEM tools provide a continuous security methodology to document the process and result.