Journal of Statistics Applications & Probability


In recent years, healthcare systems have had the highest cost of breaches. Data security is one of the major obstacles encountered in the healthcare system, and failures in it can compromise the integrity, availability, and confidentiality of medical data. These breaches are expected to increase in the future, so it has become necessary to develop systems that provide full protection for patients. Healthcare system security can be improved greatly by involving security requirements in the early phases of system implementation. Usually, security requirements are handled only from a technical viewpoint during the implementation phases. Building security in only at the implementation phase leads to weaknesses in system security and an increase in violations. This research paper therefore aims to improve the security of healthcare systems by focusing on security requirements in the early phase, and to make healthcare systems less vulnerable to hacking or any external threat by restricting access to them. The paper proposes a standard-based approach to healthcare system security that analyzes and combines the system and software security requirements needed to obtain a secure healthcare system architecture. Both types of security requirements are designed into the healthcare architecture based on the COSMIC ISO/IEC 19761 standard. A case study applies the proposed standard-based approach, using the system and software security requirements specifications to protect the pharmacy system in the healthcare system from ransomware.
