Information Security Management in Picture Archiving and Communication Systems for the Healthcare Industry

Abstract

Like other information systems in banking and commercial companies, information security is also an important issue in the healthcare industry. It is a common problem to have security incidences in an information system. Such security incidences include physical attacks, viruses, intrusions, and hacking. For instance, in the U.S.A., more than 10 million security incidences occurred in the year of 2003. The total loss was over $2 billion. In the healthcare industry, damages caused by security incidences could not be measured only by monetary cost. The trouble with inaccurate information in healthcare systems is that it is possible that someone might believe it and do something that might damage the patient. In a security event in which an unauthorized modification to the drug regime system at Arrowe Park Hospital proved to be a deliberate modification, the perpetrator received a jail sentence under the Computer Misuse Act of 1990. In another security event (The Institute of Physics and Engineering in Medicine, 2003), six patients received severe overdoses of radiation while being treated for cancer on a computerized medical linear accelerator between June 1985 and January 1987. Owing to the misuse of untested software in the control, the patients received radiation doses of about 25,000 rads while the normal therapeutic dose is 200 rads. Some of the patients reported immediate symptoms of burning and electric shock. Two died shortly afterward and others suffered scarring and permanent disability.