As information systems in hospitals continue to advance and evolve, so do the threats to those systems. In today’s healthcare environment, Patient Health Information (PHI) is no more than a few clicks away. The ease of access helps healthcare providers be more efficient and provide better patient care. This same access introduces risks that must be addressed to ensure that this information is protected. Not only is this protection of PHI the right thing to do, legislation such as the Health Insurance Portability and Accountability Act (HIPPA) make it mandatory.
Guarding assets such as PHI in a healthcare facility can be a very challenging task. The threats to such information come in many different forms and from various sources. Many think viruses and outside attackers are the only threats that need to be addressed; however, this is not the case and couldn’t be further from the truth. Many threats often come from inside such as a user altering files and elevating permissions. As stated by McHugh (2001), “the problems posed by malicious users are rampant, and the inability of commodity operating systems to provide more that minimal protection has lead to a variety of attempts to secure computing systems through add-on or external means”(p.1). We must ensure that we look at all the different forms and directions of potential threats to our data.
This document is in PDF format. To view it click here.