ABSTRACT
Society has become increasingly dependent on IT infrastructure and services. Additionally, the pandemic of COVID-19 forced the transition of the traditional way of working (i.e., physical presence) into a more modern and flexible one (i.e., working remotely). This has led to an increase of cyberattacks, as a direct consequence of the increase of the attack surface but subsequently also led to an increased necessity for the protection of information systems. Toward the protection of information systems, cyber insurance is considered as a strategy for risk management, where necessary. Cyber insurance is emerging as an important tool to protect organizations against cyberattack-related losses. In this work, we extensively examine the relevant literature on cybersecurity insurance, research and practice, in order to draft the current landscape and present the trends.
ABSTRACT
This paper provides the description of a pilot system, HERMES, which allows secure mobile access in geographically distributed medical databases. The HERMES system builds an environment where mobile medical personnel perform secure registration and acquisition of medical information. The system can be used as an overall medical communication system on which diverse medical applications could inter-operate and securely exchange data.
Subject(s)
Computer Security/standards , Confidentiality/standards , Medical Records Systems, Computerized/standards , Computers, Handheld , Humans , Medical RecordsSubject(s)
Database Management Systems/standards , Medical Record Linkage/standards , Medical Records Systems, Computerized/instrumentation , Computer Communication Networks , Computer Security/statistics & numerical data , Computer Security/trends , Database Management Systems/trends , Humans , Information Management/standards , Information Management/trends , Telemedicine/statistics & numerical data , Telemedicine/trendsABSTRACT
Raising awareness and providing guidance to on-line data protection is undoubtedly a crucial issue worldwide. Equally important is the issue of applying privacy-related legislation in a coherent and coordinated way. Both these topics gain extra attention when referring to medical environments and, thus, to the protection of patients' privacy and medical data. Electronic medical transactions require the transmission of personal and medical information over insecure communication channels like the Internet. It is, therefore, a rather straightforward task to capture the electronic medical behavior of a patient, thus constructing "patient profiles," or reveal sensitive information related to a patient's medical history. The consequence is clearly a potential violation of the patient's privacy. We performed a risk analysis study for a Greek shared care environment for the treatment of patients suffering from beta-thalassemia, an empirically embedded scenario that is representative of many other electronic medical environments; we capitalized on its results to provide an assessment of the associated risks, focusing on the description of countermeasures, in the form of technical guidelines that can be employed in such medical environments for protecting the privacy of personal and medical information.
Subject(s)
Computer Communication Networks , Computer Security , Confidentiality , Database Management Systems , Guidelines as Topic , Information Storage and Retrieval/methods , Medical Records Systems, Computerized , Risk Assessment/methods , Electronics, Medical , Greece , Information Storage and Retrieval/standards , Risk Factors , Technology Assessment, BiomedicalABSTRACT
Raising awareness and providing guidance to on-line data protection is by all means a crucial issue worldwide. Equally important is the issue of applying privacy-related legislation in a coherent and coordinated way. Both these topics become even more critical when referring to medical environments and thus to the protection of patients' privacy and medical data. Electronic medical transactions require the transmission of personal and medical information over insecure communication channels like the Internet. It is therefore a rather straightforward task to construct "patient profiles " that capture the electronic medical behavior of a patient, or even reveal sensitive information in regard with her/his medical history. Clearly, the consequence from maintaining such profiles is the violation of the patient's privacy. This paper studies medical environments that can support electronic medical transactions or/and the provision of medical information through the Web. Specifically it focuses on the countermeasures that the various actor categories can employ for protecting the privacy of personal and medical data transmitted during electronic medical transactions.
Subject(s)
Computer Security/standards , Confidentiality/standards , Medical Record Linkage/standards , Medical Records Systems, Computerized/standards , Telemedicine/standards , Computer Communication Networks , Confidentiality/legislation & jurisprudence , Europe , Forms and Records Control/standards , Humans , Internet , Patient AdvocacyABSTRACT
In this paper we present a complete reference framework for the provision of quality assured Trusted Third Party (TTP) services within a medical environment. The main objective is to provide all the basic guidelines towards the development of a quality system for a TTP as an organisation, which could be mapped directly to the requirements of ISO-9000 standards. The important results of the implementation of a quality system, are the enhanced trustworthiness of the TTP and the confidence of the medical society in the provided services. Furthermore, the value added certification services conform to customer requirements and are characterised by efficiency, reliability, security, credibility and trust. The internal organisation acquires a clear and strict structure and maximises its effectiveness by establishing quality management, committed to control, assure and improve quality. The TTP requirements for quality are identified and the various elements of the quality system are described illustratively.
