Information Security in the Healthcare System

The healthcare industry holds massive amounts of sensitive data of millions of people. This data includes patient demographics and identifiers, health statuses, and financial information related to healthcare. The lack of awareness in general and inadequate systematic structure to prevent information security breaches makes small healthcare clinics' information more susceptible to various information security threats. In some instances, these small healthcare clinics are aware of these risks but are unable to implement the needed security policies and structure due to insufficient resources. Other threats may appear due to lack of proper configuration and maintenance of various practice management software applications, network configurations, and hardware devices. Research shows that practice management software applications can be an easy target of DoS attack and information theft. The network configurations in small-scale health clinics are usually vulnerable to “man-in-the-middle” attack. The hardware devices have threats stemming from using outdated or minimally updated devices to stay in compliance with rules and regulations which can also result in information theft. This research attempts to uncover potential weaknesses in the information security specifically in small-scale healthcare clinics by analyzing the software, network, and hardware devices used for medical services and clerical work.