Research Article

A STRIDE-Based Threat Modeling Framework for Small Clinics and AI-Enabled Healthcare Services

by Sri Sowmya Nemani
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Issue 65
Published: December 2025
Authors: Sri Sowmya Nemani
10.5120/ijca2025926102

Sri Sowmya Nemani. A STRIDE-Based Threat Modeling Framework for Small Clinics and AI-Enabled Healthcare Services. International Journal of Computer Applications. 187, 65 (December 2025), 54-57. DOI=10.5120/ijca2025926102

                        @article{ 10.5120/ijca2025926102,
                        author  = { Sri Sowmya Nemani },
                        title   = { A STRIDE-Based Threat Modeling Framework for Small Clinics and AI-Enabled Healthcare Services },
                        journal = { International Journal of Computer Applications },
                        year    = { 2025 },
                        volume  = { 187 },
                        number  = { 65 },
                        pages   = { 54-57 },
                        doi     = { 10.5120/ijca2025926102 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }
                        %0 Journal Article
                        %D 2025
                        %A Sri Sowmya Nemani
                        %T A STRIDE-Based Threat Modeling Framework for Small Clinics and AI-Enabled Healthcare Services
                        %J International Journal of Computer Applications
                        %V 187
                        %N 65
                        %P 54-57
                        %R 10.5120/ijca2025926102
                        %I Foundation of Computer Science (FCS), NY, USA
Abstract

Small clinics operate medical devices (imaging, anesthesia monitors), EHR systems, payment terminals, and third-party integrations (diagnostic labs, suppliers). Despite handling sensitive client data and relying on networked medical devices, these clinics rarely adopt formal threat-modeling practices. This paper presents a threat-modeling framework for small-scale businesses such as vet clinics, chiropractor clinics, and AI-enabled healthcare services, consisting mostly of lightweight STRIDE threat modeling for IoT and EHR security. It demonstrates the framework on a representative clinic profile and shows how straightforward mitigations (TLS, MFA, network segmentation, vendor contract clauses) measurably reduce attack surface and risk exposure.

Index Terms
Computer Science
Information Sciences
Keywords

EHR (Electronic Health Record), IoT (Internet of Things), AI (Artificial Intelligence)
