A classification of health information systems security flaws

Abstract

The increasing interest of both business and government sectors in information security issues has led up to the collection of several security incidents in inventories. Most of these inventories pertain to specific environments; among them there exist inventories pertaining to health information systems. Information included in these inventories could be exploited by information systems developers, if a proper means for their effective processing is provided. Such a means is a recently proposed taxonomy scheme which classifies information system security flaws according to how, where and when they been introduced. In this paper, this taxonomy scheme has been used to classify health information system security flaws. Conclusions based on the results of this classification are drawn.