Security Risk Assessment for Patient Portals of Hospitals: A Case Study of Taiwan.

IF 4.6 Q2 MATERIALS SCIENCE, BIOMATERIALS
ACS Applied Bio Materials Pub Date : 2024-06-18 eCollection Date: 2024-01-01 DOI:10.2147/RMHP.S463408
Pei-Cheng Yeh, Kuen-Wei Yeh, Jiun-Lang Huang
{"title":"Security Risk Assessment for Patient Portals of Hospitals: A Case Study of Taiwan.","authors":"Pei-Cheng Yeh, Kuen-Wei Yeh, Jiun-Lang Huang","doi":"10.2147/RMHP.S463408","DOIUrl":null,"url":null,"abstract":"<p><strong>Background: </strong>Growing cyberattacks have made it more challenging to maintain healthcare information system (HIS) security in medical institutes, especially for hospitals that provide patient portals to access patient information, such as electronic health record (EHR).</p><p><strong>Objective: </strong>This work aims to evaluate the patient portal security risk of Taiwan's EEC (EMR Exchange Center) member hospitals and analyze the association between patient portal security, hospital location, contract category and hospital type.</p><p><strong>Methods: </strong>We first collected the basic information of EEC member hospitals, including hospital location, contract category and hospital type. Then, the patient portal security of individual hospitals was evaluated by a well-known vulnerability scanner, UPGUARD, to assess website if vulnerable to high-level attacks such as denial of service attacks or ransomware attacks. Based on their UPSCAN scores, hospitals were classified into four security ratings: absolute low risk, low to medium risk, medium to high risk and high risk. Finally, the associations between security rating, contract category and hospital type were analyzed using chi-square tests.</p><p><strong>Results: </strong>We surveyed a total of 373 EEC member hospitals. Among them, 20 hospital patient portals were rated as \"absolute low risk\", 104 hospital patient portals as \"low to medium risk\", 99 hospital patient portals as \"medium to high risk\" and 150 hospital patient portals as \"high risk\". Further investigation revealed that the patient portal security of EEC member hospitals was significantly associated with the contract category and hospital type (<i>P</i><0.001).</p><p><strong>Conclusion: </strong>The analysis results showed that large-scale hospitals generally had higher security levels, implying that the security of low-tier and small-scale hospitals may warrant reinforcement or strengthening. We suggest that hospitals should pay attention to the security risk assessment of their patient portals to preserve patient information privacy.</p>","PeriodicalId":2,"journal":{"name":"ACS Applied Bio Materials","volume":null,"pages":null},"PeriodicalIF":4.6000,"publicationDate":"2024-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11193402/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACS Applied Bio Materials","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.2147/RMHP.S463408","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/1/1 0:00:00","PubModel":"eCollection","JCR":"Q2","JCRName":"MATERIALS SCIENCE, BIOMATERIALS","Score":null,"Total":0}
引用次数: 0

Abstract

Background: Growing cyberattacks have made it more challenging to maintain healthcare information system (HIS) security in medical institutes, especially for hospitals that provide patient portals to access patient information, such as electronic health record (EHR).

Objective: This work aims to evaluate the patient portal security risk of Taiwan's EEC (EMR Exchange Center) member hospitals and analyze the association between patient portal security, hospital location, contract category and hospital type.

Methods: We first collected the basic information of EEC member hospitals, including hospital location, contract category and hospital type. Then, the patient portal security of individual hospitals was evaluated by a well-known vulnerability scanner, UPGUARD, to assess website if vulnerable to high-level attacks such as denial of service attacks or ransomware attacks. Based on their UPSCAN scores, hospitals were classified into four security ratings: absolute low risk, low to medium risk, medium to high risk and high risk. Finally, the associations between security rating, contract category and hospital type were analyzed using chi-square tests.

Results: We surveyed a total of 373 EEC member hospitals. Among them, 20 hospital patient portals were rated as "absolute low risk", 104 hospital patient portals as "low to medium risk", 99 hospital patient portals as "medium to high risk" and 150 hospital patient portals as "high risk". Further investigation revealed that the patient portal security of EEC member hospitals was significantly associated with the contract category and hospital type (P<0.001).

Conclusion: The analysis results showed that large-scale hospitals generally had higher security levels, implying that the security of low-tier and small-scale hospitals may warrant reinforcement or strengthening. We suggest that hospitals should pay attention to the security risk assessment of their patient portals to preserve patient information privacy.

医院患者门户网站的安全风险评估:台湾案例研究。
背景:越来越多的网络攻击使维护医疗机构的医疗信息系统(HIS)安全变得更具挑战性,尤其是对于提供患者门户访问患者信息(如电子健康记录(EHR))的医院:本研究旨在评估台湾 EEC(电子病历交换中心)成员医院的患者门户网站安全风险,并分析患者门户网站安全与医院位置、合同类别和医院类型之间的关联:我们首先收集了 EEC 成员医院的基本信息,包括医院位置、合同类别和医院类型。然后,通过著名的漏洞扫描仪 UPGUARD 对各医院的患者门户网站安全性进行评估,以评估网站是否容易受到高级攻击,如拒绝服务攻击或勒索软件攻击。根据其 UPSCAN 分数,医院被分为四个安全等级:绝对低风险、中低风险、中高风险和高风险。最后,使用卡方检验分析了安全等级、合同类别和医院类型之间的关联:我们共调查了 373 家欧共体成员医院。其中,20 家医院患者门户网站被评为 "绝对低风险",104 家医院患者门户网站被评为 "中低风险",99 家医院患者门户网站被评为 "中高风险",150 家医院患者门户网站被评为 "高风险"。进一步调查显示,欧共体成员医院患者门户网站的安全性与合同类别和医院类型(PConclusion:分析结果表明,大型医院的安全级别普遍较高,这意味着低级别和小型医院的安全可能需要加强或强化。我们建议医院应重视患者门户网站的安全风险评估,以保护患者信息隐私。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
ACS Applied Bio Materials
ACS Applied Bio Materials Chemistry-Chemistry (all)
CiteScore
9.40
自引率
2.10%
发文量
464
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信