Advanced search
Publication Cover
Risk Management and Healthcare Policy Volume 17, 2024 - Issue
Submit an article Journal homepage
44
Views
0
CrossRef citations to date
0
Altmetric
ORIGINAL RESEARCH

Security Risk Assessment for Patient Portals of Hospitals: A Case Study of Taiwan

Pei-Cheng Yeh1 Graduate Institute of Clinical Dentistry, School of Dentistry, College of Medicine, National Taiwan University, Taipei, Taiwan, Republic of China;2 Division of Endodontics, Department of Stomatology, Taichung Veterans General Hospital, Taichung, Taiwan, Republic of China
,
Kuen-Wei Yeh3 Investigation Bureau, Ministry of Justice, New Taipei City, Taiwan, Republic of China;4 Department of Electrical Engineering, Chinese Culture University, Taipei, Taiwan, Republic of China;5 Department of Information, Chinese Culture University, Taipei, Taiwan, Republic of ChinaCorrespondence[email protected]
ORCID Iconhttps://orcid.org/0009-0009-5885-1354
ORCID Icon &
Jiun-Lang Huang6 Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan, Republic of China;7 Graduate Institute of Electronics Engineering, National Taiwan University, Taipei, Taiwan, Republic of ChinaORCID Iconhttps://orcid.org/0000-0002-9425-3855
ORCID Icon
Pages 1647-1656 | Received 07 Feb 2024, Accepted 29 May 2024, Published online: 18 Jun 2024
 
Sample our Health and Social Care journals, sign in here to start your FREE access for 14 days

Abstract

Background

Growing cyberattacks have made it more challenging to maintain healthcare information system (HIS) security in medical institutes, especially for hospitals that provide patient portals to access patient information, such as electronic health record (EHR).

Objective

This work aims to evaluate the patient portal security risk of Taiwan’s EEC (EMR Exchange Center) member hospitals and analyze the association between patient portal security, hospital location, contract category and hospital type.

Methods

We first collected the basic information of EEC member hospitals, including hospital location, contract category and hospital type. Then, the patient portal security of individual hospitals was evaluated by a well-known vulnerability scanner, UPGUARD, to assess website if vulnerable to high-level attacks such as denial of service attacks or ransomware attacks. Based on their UPSCAN scores, hospitals were classified into four security ratings: absolute low risk, low to medium risk, medium to high risk and high risk. Finally, the associations between security rating, contract category and hospital type were analyzed using chi-square tests.

Results

We surveyed a total of 373 EEC member hospitals. Among them, 20 hospital patient portals were rated as “absolute low risk”, 104 hospital patient portals as “low to medium risk”, 99 hospital patient portals as “medium to high risk” and 150 hospital patient portals as “high risk”. Further investigation revealed that the patient portal security of EEC member hospitals was significantly associated with the contract category and hospital type (P<0.001).

Conclusion

The analysis results showed that large-scale hospitals generally had higher security levels, implying that the security of low-tier and small-scale hospitals may warrant reinforcement or strengthening. We suggest that hospitals should pay attention to the security risk assessment of their patient portals to preserve patient information privacy.

Data Sharing Statement

The datasets used during the current study are available in https://www.nhi.gov.tw/Content_List.aspx?n=07FEBAA0B8C34D90&topn=D39E2B72B0BDFA15.

Disclosure

The authors report no conflicts of interest in this work.

Download PDF

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.