Risk management-based security evaluation model for telemedicine systems

Dong Won Kim, Jin Young Choi, Keun Hee Han

Research output: Contribution to journalArticlepeer-review

38 Citations (Scopus)


Background: Infectious diseases that can cause epidemics, such as COVID-19, SARS-CoV, and MERS-CoV, constitute a major social issue, with healthcare providers fearing secondary, tertiary, and even quaternary infections. To alleviate this problem, telemedicine is increasingly being viewed as an effective means through which patients can be diagnosed and medications prescribed by doctors via untact Thus, concomitant with developments in information and communication technology (ICT), medical institutions have actively analyzed and applied ICT to medical systems to provide optimal medical services. However, with the convergence of these diverse technologies, various risks and security threats have emerged. To protect patients and improve telemedicine quality for patient safety, it is necessary to analyze these risks and security threats comprehensively and institute appropriate countermeasures. Methods: The security threats likely to be encountered in each of seven telemedicine service areas were analyzed, and related data were collected directly through on-site surveys by a medical institution. Subsequently, an attack tree, the most popular reliability and risk modeling approach for systematically characterizing the potential risks of telemedicine systems, was examined and utilized with the attack occurrence probability and attack success probability as variables to provide a comprehensive risk assessment method. Results: In this study, the most popular modelling method, an attack tree, was applied to the telemedicine environment, and the security concerns for telemedicine systems were found to be very large. Risk management and evaluation methods suitable for the telemedicine environment were identified, and their benefits and potential limitations were assessed. Conclusion: This research should be beneficial to security experts who wish to investigate the impacts of cybersecurity threats on remote healthcare and researchers who wish to identify new modeling opportunities to apply security risk modeling techniques.

Original languageEnglish
Article number106
JournalBMC Medical Informatics and Decision Making
Issue number1
Publication statusPublished - 2020 Jun 10

Bibliographical note

Publisher Copyright:
© 2020 The Author(s).


  • Medical information security
  • Smart medical security
  • Telecare security
  • Telemedicine security

ASJC Scopus subject areas

  • Health Policy
  • Health Informatics


Dive into the research topics of 'Risk management-based security evaluation model for telemedicine systems'. Together they form a unique fingerprint.

Cite this