Exploring Information Security Risks in Healthcare Systems

Abstract

The volume and severity of information security breaches encountered continues to increase as organizations, including healthcare organizations, struggle to identify more effective security policies and procedures. Publicly available guidelines such as GASSP or ISO17799 that are designed to facilitate development of effective security policies and procedures have been criticized for, among other things, inadequate attention to differences in organizational security needs (Baskerville & Siponen, 2002), and for inadequate attention to the social dimensions of security problems (Dhillon & Backhouse, 2001). In this contribution, we argue that the diversity of organizational security needs, as well as the need to recognize the social dimensions to security problems, will continue to grow as companies move away from employing unique, proprietary approaches to software and network development, in favor of adopting standards-based plug-and-play applications, and related standards-based methods and technologies designed to enable interorganizational as well as local systems interoperability.