Abstract
This paper presents an overview of possible risks to the security of health care data. These risks were detected with a novel approach to information security. It is based on the philosophy that information security risk monitoring should include human and societal factors, and that collaboration between organisations and experts is essential to gain knowledge about potential risks. The methodology uses a mixed methods approach including a quantitative analysis of historical security incident data and expert elicitation through a Delphi study. The result is an overview of the possible socio-technical risks that a panel of experts expect to materialise in health care organisations in the near future. These risks include (amongst others): staff leaving data assets unattended on the premises and these assets consequently go missing, staff sharing passwords to access patient data and staff sending email containing personal patient data to the wrong addressee thus disclosing data to unauthorised persons. The expert panel recognized risks from current discussion topics such as outsourcing, but these risks are still considered to appear less frequently than the more traditional information security risks. Furthermore, the panel did not estimate a high frequency of occurrence of socio-technical information security risks caused by new technologies such as cloud computing or RFID.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
