Creating a standardized risk assessment framework library for healthcare information technology

Abstract

Data breaches are occurring at an unprecedented rate. In February 2019 alone, over a million individuals were reported to the United States government as having been involved in a breach of their medical data by healthcare entities. Although many organizations have some policies, procedures and risk management components in place, few (if any) organizations are centrally connecting legal requirements, penetration tests, policies and procedures into a standardized and consistent methodology for further analysis and auditing. This research produces a new open source risk management standardized library coordinating the aforementioned risk management components. The new library is applied to an open source vulnerable web-application example to emphasize the benefits from the adoption of such a public standardized risk assessment library.