PDF(Pubmed)
Abstract:
UNASSIGNED: Growing cyberattacks have made it more challenging to maintain healthcare information system (HIS) security in medical institutes, especially for hospitals that provide patient portals to access patient information, such as electronic health record (EHR).
UNASSIGNED: This work aims to evaluate the patient portal security risk of Taiwan\'s EEC (EMR Exchange Center) member hospitals and analyze the association between patient portal security, hospital location, contract category and hospital type.
UNASSIGNED: We first collected the basic information of EEC member hospitals, including hospital location, contract category and hospital type. Then, the patient portal security of individual hospitals was evaluated by a well-known vulnerability scanner, UPGUARD, to assess website if vulnerable to high-level attacks such as denial of service attacks or ransomware attacks. Based on their UPSCAN scores, hospitals were classified into four security ratings: absolute low risk, low to medium risk, medium to high risk and high risk. Finally, the associations between security rating, contract category and hospital type were analyzed using chi-square tests.
UNASSIGNED: We surveyed a total of 373 EEC member hospitals. Among them, 20 hospital patient portals were rated as \"absolute low risk\", 104 hospital patient portals as \"low to medium risk\", 99 hospital patient portals as \"medium to high risk\" and 150 hospital patient portals as \"high risk\". Further investigation revealed that the patient portal security of EEC member hospitals was significantly associated with the contract category and hospital type (P<0.001).
UNASSIGNED: The analysis results showed that large-scale hospitals generally had higher security levels, implying that the security of low-tier and small-scale hospitals may warrant reinforcement or strengthening. We suggest that hospitals should pay attention to the security risk assessment of their patient portals to preserve patient information privacy.
UNASSIGNED: This work aims to evaluate the patient portal security risk of Taiwan\'s EEC (EMR Exchange Center) member hospitals and analyze the association between patient portal security, hospital location, contract category and hospital type.
UNASSIGNED: We first collected the basic information of EEC member hospitals, including hospital location, contract category and hospital type. Then, the patient portal security of individual hospitals was evaluated by a well-known vulnerability scanner, UPGUARD, to assess website if vulnerable to high-level attacks such as denial of service attacks or ransomware attacks. Based on their UPSCAN scores, hospitals were classified into four security ratings: absolute low risk, low to medium risk, medium to high risk and high risk. Finally, the associations between security rating, contract category and hospital type were analyzed using chi-square tests.
UNASSIGNED: We surveyed a total of 373 EEC member hospitals. Among them, 20 hospital patient portals were rated as \"absolute low risk\", 104 hospital patient portals as \"low to medium risk\", 99 hospital patient portals as \"medium to high risk\" and 150 hospital patient portals as \"high risk\". Further investigation revealed that the patient portal security of EEC member hospitals was significantly associated with the contract category and hospital type (P<0.001).
UNASSIGNED: The analysis results showed that large-scale hospitals generally had higher security levels, implying that the security of low-tier and small-scale hospitals may warrant reinforcement or strengthening. We suggest that hospitals should pay attention to the security risk assessment of their patient portals to preserve patient information privacy.
摘要:
■不断增长的网络攻击使维护医疗机构的医疗保健信息系统(HIS)安全变得更具挑战性,特别是对于提供患者门户以访问患者信息的医院,例如电子健康记录(EHR)。
■这项工作旨在评估台湾EEC(EMR交流中心)成员医院的患者门户安全风险,并分析患者门户安全之间的关联,医院位置,合同类别和医院类型。
■我们首先收集了EEC成员医院的基本信息,包括医院的位置,合同类别和医院类型。然后,由著名的漏洞扫描仪评估了各个医院的患者门户安全性,UPGUARD,评估网站是否容易受到高级别的攻击,如拒绝服务攻击或勒索软件攻击。根据他们的UPSCAN分数,医院被分为四个安全等级:绝对低风险,中低风险,中高风险和高风险。最后,安全等级之间的关联,合同类别和医院类型采用卡方检验进行分析。
■我们共调查了373家EEC成员医院。其中,20个医院患者门户被评为“绝对低风险”,104个医院患者门户为“中低风险”,99个医院患者门户为“中高风险”,150个医院患者门户为“高风险”。进一步调查显示,EEC成员医院的患者门户安全性与合同类别和医院类型显着相关(P<0.001)。
■分析结果表明,大型医院普遍具有较高的安全级别,这意味着低级和小规模医院的安全性可能需要加强或加强。我们建议医院应重视患者门户的安全风险评估,以保护患者信息隐私。
■这项工作旨在评估台湾EEC(EMR交流中心)成员医院的患者门户安全风险,并分析患者门户安全之间的关联,医院位置,合同类别和医院类型。
■我们首先收集了EEC成员医院的基本信息,包括医院的位置,合同类别和医院类型。然后,由著名的漏洞扫描仪评估了各个医院的患者门户安全性,UPGUARD,评估网站是否容易受到高级别的攻击,如拒绝服务攻击或勒索软件攻击。根据他们的UPSCAN分数,医院被分为四个安全等级:绝对低风险,中低风险,中高风险和高风险。最后,安全等级之间的关联,合同类别和医院类型采用卡方检验进行分析。
■我们共调查了373家EEC成员医院。其中,20个医院患者门户被评为“绝对低风险”,104个医院患者门户为“中低风险”,99个医院患者门户为“中高风险”,150个医院患者门户为“高风险”。进一步调查显示,EEC成员医院的患者门户安全性与合同类别和医院类型显着相关(P<0.001)。
■分析结果表明,大型医院普遍具有较高的安全级别,这意味着低级和小规模医院的安全性可能需要加强或加强。我们建议医院应重视患者门户的安全风险评估,以保护患者信息隐私。
