Healthcare information systems handle personally identifiable patient information such as dates of birth and social security numbers, patients' health information and history, and financial information such as credit card details and bank accounts. Most healthcare institutions purchase information systems from commercial vendors and have only the minimal in-house expertise required to maintain these systems. In addition, most institutions lack the necessary knowledge to research evolving threats and maintain a challenging security posture. We propose a risk-transference-based system architecture that moves sensitive data outside the system boundary into data stores managed with stringent and efficient security protocols.

Authors: Sreejith Gopinath, Aspen Olmstead

Published in: World Congress on Internet Security (WorldCIS-2021)

  • Date of Conference: 7-9 December 2021
  • DOI: 10.20533/WorldCIS.2021.0004
  • ISBN: 978-1-913572-40-2
  • Conference Location: Virtual (London, UK)