Date Added: Jul 2009
Electronic Medical Records (EMR) provide increased productivity and convenience for patients, doctors, nurses, pharmacists, lab technicians and other medical professionals. The added accessibility to patient information introduces a multitude of security risks at various levels. The communication infrastructure may be breached by intruders from disparate countries. Loosely protected data entry terminals are susceptible to insider threats. This paper characterizes EMR systems as cyberphysical systems that must be protected by minimizing potential risks at each communications interface, data entry point, and data warehouse. A protection profile concept is discussed that provides management of risk based on known hacker modalities.