RÉSUMÉ
Telemedicine is a critical infrastructure that directly affects people's lives. In this vein, the government announcement of the introduction of a telemedicine service has caused controversy among the government and medical institutions over the safety of the service. Before the introduction of the telemedicine service, its technical safety and effectiveness should be validated. The telemedicine system should be supported by proper policies to ensure a secure, continuous service. To this end, we have conducted research to derive the security requirements from domestic and foreign standards and laws relating to telemedicine and information security. Based on the derived requirements, we have developed a security standard for telemedicine that facilitates the objective assessment of the security of the telemedicine service. Furthermore, we have analyzed the vulnerabilities of telemedicine devices through penetration tests. Finally, using a risk analysis method, we have created risk scenarios that might occur in the provision of telemedicine services, and have calculated risk levels and expected loss for each scenario. We expect that the results of this research will be a basis for ensuring a sufficient budget and staff for the safety of telemedicine, and for establishing relevant policies.