Table 9 Examples of telemedicine risk assessment estimates

From: Risk management-based security evaluation model for telemedicine systems

| Asset | | AV | Concern | AO | PAS | PR | V |
|---|---|---|---|---|---|---|---|
| Telemedicine device | RTOS/GPOS/gateway | 5 | Patient information leakage | 1 | 2 | 10 | L |
| | | 5 | Weak password set | 2 | 5 | 50 | H |
| | | 5 | Critical information transmitted owing to device operation errors | 3 | 4 | 60 | H |
| | | 5 | Loss due to improper management of telemedicine device | 2 | 5 | 50 | H |
| | | 5 | Access to internal system used by unapproved device | 1 | 1 | 5 | L |
| | | 5 | Information leakage by device because of malware infection | 1 | 1 | 5 | L |
| | | 5 | Saving important information in device | 2 | 4 | 40 | H |
| | | 5 | Leakage of significant information from lost/stolen device | 2 | 4 | 40 | H |
| | | 5 | Access to internal system and disclosure of important information owing to application vulnerabilities of device | 2 | 4 | 40 | H |
| | | 5 | Device ↔ plaintext transmission between internal system | 3 | 5 | 75 | H |
| | | 5 | Device ↔ plaintext transmission between telemedicine system | 3 | 5 | 75 | H |
| | | 5 | Device ↔ MITM attacks between telemedicine system | 3 | 1 | 15 | M |
| | | 5 | Gateway ↔ plaintext transmission between internal system | 3 | 3 | 27 | M |
| | | 5 | Information leakage because of malware infection (vaccine or latest patch) | 1 | 2 | 10 | L |
| | | 5 | Significant information disclosure by gateway hacking | 2 | 1 | 10 | L |
| | | 5 | MITM attacks using rogue gateway | 2 | 1 | 10 | L |
| | | 5 | Significant information leakage from lost/stolen gateway device | 2 | 3 | 30 | M |
| PC | PC | 4 | Forgery via wiretapping and spoofing | 3 | 5 | 60 | H |
| | | 4 | Unauthorized access via MITM attacks | 2 | 3 | 24 | M |
| | | 4 | Gateway ↔ plaintext transmission between telemedicine system | 3 | 5 | 60 | H |
| | | 4 | MITM attacks using rogue AP | 2 | 1 | 8 | L |
| | | 4 | Information leakage because of malware infection (vaccine or latest patch) | 1 | 2 | 8 | L |
| | | 4 | Significant information disclosure owing to gateway hacking | 1 | 1 | 4 | L |
| | | 4 | Internal access to national communication networks by bypassing physical security controls | 1 | 1 | 4 | L |
| | | 4 | Internal access to national communication networks by exploiting wireless network vulnerability | 1 | 1 | 4 | L |
| | | 4 | Leaving working seat for a long period after logging in | 2 | 5 | 40 | H |
| | | 4 | Nonrepudiation failure by not saving accessed records | 1 | 5 | 20 | M |
| | | 4 | Accident due to telemedicine system operation errors | 1 | 5 | 20 | M |
| S/W | Telemedicine software | 4 | Access to internal system and important information disclosure by exploiting vulnerabilities of application used for telemedicine treatment | 1 | 1 | 4 | L |
| | | 4 | Access to internal system via update files for application used for telemedicine treatment | 1 | 1 | 4 | L |
| | Data transmission software | 3 | Access to internal system and important information disclosure by exploiting vulnerability of application used for data transmission | 1 | 1 | 3 | L |
| | Patient medical information software | 3 | Access to internal system via update files for software | 2 | 1 | 6 | L |
| | Monitoring software | 2 | Access to internal system via update files for software | 2 | 1 | 4 | L |
| | ECG software | 5 | Access to internal system via update files for telemedicine system | 2 | 1 | 10 | L |
| Information | Personal information | 4 | Sniffing | 3 | 3 | 36 | H |
| | Health information | 4 | Health information sniffing | 3 | 3 | 36 | H |
| | Medical information | 5 | Sending invalid prescriptions by changing medical information during telemedicine treatment | 1 | 1 | 5 | L |
| | | 5 | Misuse of medical information by analyzing network packets during telemedicine treatment | 2 | 1 | 10 | L |
| | | 5 | Accidents caused by telemedicine system operation errors | 2 | 5 | 50 | H |
| | | 5 | Forgery via network eavesdropping and spoofing during patient information exchange | 2 | 3 | 30 | H |