Protection of Information in Telecommunication Medical Systems based on a Risk-Oriented Approach

Abstract

The changes brought by informatization to society have a qualitative effect on the process of modernization of medical care. At the same time, the digitization of big data in healthcare creates numerous risks from the point of view of ensuring the confidentiality, integrity, and availability of information. Inadequate security is due to both objective and subjective reasons. Among them: are the lack of a sufficient number of qualified specialists in the field of information protection; budget restrictions; software conflict; lack of training in information security rules and skills of medical personnel; non-compliance with traditional cyber security practices; legal and ethical issues related to patient data. Determining the minimum and maximum possible degrees of risk of security breaches in information and telecommunication medical systems is the key to ensuring the protection of medical information. This confirms the significance and timeliness of this research, which is based on a risk-oriented approach. The analysis of the scientific literature, having allowed the designation of the components, is how the information-telecommunication system and the links between them are put together. For each asset, the source of the threat, the threat itself, and the variants of reaction to it are identified.