Security considerations for telemedicine systems
Abstract Background: In this study, the effects of cybersecurity threats on telemedicine were investigated, and methods to evaluate security risks were considered. Many research institutes and investigation agencies have provided information about cybersecurity incidents in the medical field, between 2009 and 2019. Methods: The scenario information about cybersecurity threats was directly collected through a field survey. Potential threats that can occur in telemedicine services were accurately identified, and objective security requirements were derived by threat modeling using attack trees. The attack occurrence probability and attack success probability according to the importance of telemedicine service assets were included as variables. Results: The introduction of telemedicine guarantees accessibility to medical services for vulnerable areas. However, potential security threats and response measures in the telemedicine environment, which includes users and patients, remote medical devices, home networks, gateway devices, the Internet, and the telemedicine system, have not been considered thus far. Conclusion: This study contributes to the improvement of security by introducing methods to identify and evaluate security threats and preparing security measures for the telemedicine environment.