Monitoring information security risks within health care

van Deursen (Hazelhoff Roelfze, N., Buchanan, W., Duff, A. (2013). Monitoring information security risks within health care. Computers and Security, 37, (), 31-45.

ISSN: 0167-4048


This paper presents an overview of possible risks to the security of health care data. These risks were detected with a novel approach to information security. It is based on the philosophy that information security risk monitoring should include human and societal factors, and that collaboration between organisations and experts is essential to gain knowledge about potential risks. The methodology uses a mixed methods approach including a quantitative analysis of historical security incident data and expert elicitation through a Delphi study. The result is an overview of the main risks that are likely to materialise in health care organisations in the near future. These main risks include (amongst others): staff leaving data-assets unattended on the premises and these assets consequently go missing, staff sharing passwords to access patient data and staff sending email containing personal patient data to the wrong addressee thus disclosing data to unauthorised persons.
[Read More]


William Buchanan
Director of CDCS
+44 131 455 2759
Nicole van Deursen (Hazelhoff Roelfze
Research Student
+44 131 455

Areas of Expertise

Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Associated Projects