Methods of responding to healthcare security incidents

Steven Furnell (a), Dimitris Gritzalis (b), Sokratis Katsikas (c), Konstantinos Mavroudakis (c), Peter Sanders (a), Matthew Warren (d)

(a) Network Research Group, School of Electronic, Communication and Electrical Engineering, University of Plymouth, Plymouth, United Kingdom (stevef@pbs.plym.ac.uk; peter.sanders1@virgin.net)
(b) Athens University of Economics and Business, Department of Informatics, 76 Patission St., Athens 10434, Greece (dgrit@aegean.gr)
(c) University of the Aegean, Department of Mathematics, Karlovassi 83200, Greece (ska@aegean.gr; kmav@aegean.gr)
(d) Business Security Group, Plymouth Business School, University of Plymouth, Plymouth, United Kingdom (m.warren@pbs.plym.ac.uk)

Abstract

This paper considers the increasing requirement for security in healthcare IT systems and, in particular, identifies the need for appropriate means by which healthcare establishments (HCEs) may respond to incidents. The main discussion focuses upon two significant initiatives that have been established in order to improve understanding and awareness of healthcare security issues. The first is the establishment of a dedicated Incident Reporting Scheme (IRS) for HCEs, enabling the level and types of security incidents faced within the healthcare community to be monitored and advice appropriately targeted. The second aspect presents a description of a healthcare security World Wide Web service, which provides a comprehensive source of advice and guidance for establishments when trying to address and prevent IT security breaches. The discussion is based upon work that is currently being undertaken with the ISHTAR (Implementing Secure Healthcare Telematics Applications in Europe) project, as part of the Telematics Applications for Health programme of the European Commission.
Keywords: Healthcare Security; Incident Reporting; Security Guidelines; Awareness

Introduction

It is now widely recognised that Information Technology (IT) systems fulfil a vital role in the operation and running of modern healthcare establishments (HCEs). Systems are utilised in a variety of direct care and supporting activities, such that staff are increasingly dependent upon them in performing their day-to-day activities. In addition, individual systems frequently form part of an interconnected network, with the resulting infrastructure handling an increasing variety of data (of varying types and levels of sensitivity). Whilst such arrangements deliver a number of advantages and new capabilities to healthcare providers, they also introduce additional vulnerabilities within the establishment, increasing the possibility of security breaches. As such, the need to preserve data security (in terms of confidentiality, integrity, availability and accountability) assumes ever increasing importance.

Evidence suggests that the healthcare community can be particularly vulnerable to security incidents. For example, a survey of computer abuse conducted by the UK Audit Commission in 1994 [1] showed the healthcare field to be amongst the most significantly affected (other areas surveyed included local government, education, finance, manufacturing, retail, IT and communications). The number of healthcare security incidents reported (i.e. 127 cases) was more than for any other sector save local government (with 193 incidents), and represented 24% of the total incidents reported. Furthermore, of the 334 establishments that responded, more than a third (35%) reported some kind of incident.