Title :
Generic security cases for information system security in healthcare systems
Author :
He, Yuhong ; Johnson, C.W.
Author_Institution :
Univ. of Glasgow, Glasgow, UK
Abstract :
Numerous data breach incidents have been reported in recent years and there is a continuing requirement to protect patient and clinician confidentiality. However, the diversity of security products, tools and techniques in the marketplace makes it very hard for management to ensure that they have implemented coherent countermeasures to meet organisations' higher-level objectives. This paper focuses on the problems that arise in implementing and maintaining cyber-security policies in large, complex healthcare organisations. We address these problems by the use of graphical argumentation techniques. In particular, we show how the Goal Structuring Notation (GSN) can be extended from applications in safety-critical systems. Security arguments presented with GSN can help managers to reason about cyber-security policies and procedures by bringing together claims and the evidence that supports them in a structured and coherent way. A further objective of this paper is to show how GSN can be used to construct security arguments that are informed by the analysis of previous security incidents in healthcare organisations. In particular, we present two generic security cases that embody the recommendations from incidents involving the United States' Veterans' Affairs (VA) administration and Shenzhen Hospital in China. These case studies were deliberately chosen to show how lessons learned in one country might inform security management in other healthcare systems. We also show that security cases can be created at a level of abstraction that supports reuse and at the same time captures detailed recommendations from security incidents.
Keywords :
data privacy; health care; medical information systems; safety-critical software; security of data; China; GSN; Shenzhen Hospital; United States VA administration; United States Veterans Affairs administration; clinician confidentiality; cyber-security policies; data breach incidents; generic security cases; goal structuring notations; graphical argumentation techniques; healthcare systems; information system security; large complex healthcare organisations; patient confidentiality; safety-critical systems; security arguments; security incident analysis; security management; security recommendations; Generic Security Case; Healthcare System; Security Incidents; System Security;
Conference_Title :
System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on
Conference_Location :
Edinburgh
Electronic_ISBN :
978-1-84919-678-9
DOI :
10.1049/cp.2012.1507