Skip to main content

Advertisement

Table 4 Threats identified for BP2: “Access the medical record of a foreign patient”

From: Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

ID Type Assets Malicious actors Description/Example scenario
T1 Spoofing All information assets Other actors without a clear role in the BP An external actor could pretend to be legitimate, in order to get the HCP credentials and use them to access information (e.g. patient’s medical record), on behalf of the HCP.
T2 Tampering All information assets Other actors without a clear role in the BP A malicious user could (perhaps combined with a spoofing attack) modify the information assets (e.g. the patient’s medical record or the HCP’s credentials) in a malicious way for social, financial or for personal reasons.
T3 Repudiation All information assets HCPs Deny accessing medical information to avoid legal consequences upon an HCP (e.g. in a case of a medical error).
T4 Information disclosure All information assets HCPs and other actors without a clear role in the BP An HCP could provide access to a patient’s medical record, aiming at patient’s financial or personal harm or for personal financial benefit.
T5 Denial of Service Medical record information Other actors without a clear role in the BP Hinders access to the respective services, aiming to cause damage to the patient or the healthcare organization providing the medical services.
T6 Privilege Elevation Medical record information Other actors without a clear role in the BP Assign privileges to one or multiple medical records aiming at exploiting or damaging data, or alternatively aiming at patients’ financial or personal harm.
T7 Physical stealing Physical authentication means Other actors without a clear role in the BP Stealing the eID card of the HCP could facilitate spoofing, information disclosure and privilege elevation.