Security Risk Assessment for Patient Portals of Hospitals: A Case Study of Taiwan.
Authors: Pei-Cheng Yeh, Kuen-Wei Yeh, Jiun-Lang Huang
Journal: ACS Applied Bio Materials
Publication date: 2024-06-18
Publication type: Journal Article
DOI: https://doi.org/10.2147/RMHP.S463408
PDF: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11193402/pdf/
Background: Growing cyberattacks have made it more challenging to maintain healthcare information system (HIS) security in medical institutions, especially for hospitals that provide patient portals for access to patient information such as electronic health records (EHRs).
Objective: This work aims to evaluate the patient portal security risk of Taiwan's EEC (EMR Exchange Center) member hospitals and analyze the association between patient portal security, hospital location, contract category and hospital type.
Methods: We first collected the basic information of EEC member hospitals, including hospital location, contract category and hospital type. Then, the patient portal security of each hospital was evaluated with a well-known vulnerability scanner, UPGUARD, to assess whether its website was vulnerable to high-level attacks such as denial of service attacks or ransomware attacks. Based on their UPSCAN scores, hospitals were classified into four security ratings: absolute low risk, low to medium risk, medium to high risk and high risk. Finally, the associations between security rating, contract category and hospital type were analyzed using chi-square tests.
Results: We surveyed a total of 373 EEC member hospitals. Among them, 20 hospital patient portals were rated as "absolute low risk", 104 hospital patient portals as "low to medium risk", 99 hospital patient portals as "medium to high risk" and 150 hospital patient portals as "high risk". Further investigation revealed that the patient portal security of EEC member hospitals was significantly associated with the contract category and hospital type (P<0.001).
Conclusion: The analysis results showed that large-scale hospitals generally had higher security levels, implying that the security of low-tier and small-scale hospitals may warrant reinforcement or strengthening. We suggest that hospitals should pay attention to the security risk assessment of their patient portals to preserve patient information privacy.