Threats to Information Security in eHealth
(Security Threats in eHealth)
Lukas & Hadi Syahrial
lookus@gmail.com
hadisyahrial@gmail.com
Honeynet mission
To learn the tools, tactics and motives involved in
computer and network attacks, and share the
lessons learned.
Outline:
eHealth attack: motives, tactics, tools.
What is eHealth?
http://www.who.int/trade/glossary/story021/en/
E-health is the transfer of health resources and health care by
electronic means. It encompasses three main areas:
The delivery of health information, for health professionals and
health consumers, through the Internet and
telecommunications.
Using the power of IT and e-commerce to improve public health
services, e.g. through the education and training of health
workers.
The use of e-commerce and e-business practices in health
systems management.
eHealth - The Future of Healthcare
The banking metaphor
Most transactions carried out
by the customer
Centralisation of specialist
services
Decentralisation of non-
specialist services
Existing Health on the Web
Estimated to be ~20,000 health websites
Used by 98 million adults
75% of people who have web access
average of 3.3 times per month
More than consult doctors each day
7M e-patients/day on the net; 2-3M patients see a doctor
Existing Health on the Web
Access to accurate information can lead to
more knowledgeable, empowered, less anxious
patients
more participatory health decisions
better care as patient and doctor become
partners
Mis-information can lead to
confused and angry patients
bad decisions, mis-placed hope, worse care,
harm
Privacy violations can cause emotional and
economic damage
eHealth
“Healthcare which is supported by electronic
processes”
Other terms:
– Healthcare informatics or Health Information
Technology (HIT)
– Medical Information Systems (MIS)
– Biomedical informatics (also includes Bioinformatics:
gene sequencing etc.)
eHealth includes:
Electronic Medical Records: easy communication of patient data between different
healthcare professionals (GPs, specialists, care team, pharmacy)
Telemedicine: do not require a patient and specialist in same physical location.
Decision support systems in healthcare
Data can be analysed to provide alerts, reminders and real-time decision aids
Evidence Based Medicine:
The application of the scientific method to medical practice
Check if diagnosis is in line with scientific research.
Data can be kept up-to-date.
Citizen-oriented Information Provision: for both healthy individuals and patients
Specialist-oriented Information Provision: best practice guidelines from latest
medical journals.
Virtual healthcare teams: collaborate and share information on patients through
digital equipment (for transmural care).
Transmural Care
Transmural: Care should not stop at the walls of the hospital
– Both intra- and extra-mural, thus ‘transmural care’.
– Care before, during and after the hospital stay.
– Cooperation and coordination among local practitioner,
hospital, home care and rehabilitation centres
– Patient part of an agreed programme - protocols and
standards.
Medical Errors
Human Errors:
IOM Report, 1999
44,000 to 98,000 die in US annually from medical
errors
at 44,000, would rank as 8th leading cause of
death
car accidents: 43,458
breast cancer: 42,297
AIDS: 16,516
7000 deaths from medication errors alone
http://www.theaustralian.com.au/australian-it/government/e-health-data-systen-is-vulnerable-to-attack-from-fraudsters/story-fn4htb9o-1226310709795
Data Breaches by Sector in 2012
Symantec: Internet Security Threat Report
2013 :: Volume 18
Threats
Hospital management (CEO) does not fully understand information security risks or how to manage and handle them.
Talented information security professionals are hard to find.
Insiders who intentionally or unintentionally leak personal and confidential information.
Hacktivists
Crime as a Service (CaaS)
Information leaks
BYOD (bring your own device)
BYOC (bring your own cloud)
Government regulation on hospital information security
Big Data
Threats (continued)
Impact
Patients
Families
Hospital reputation
Motives
1. Personal financial gain
Blackmail, competitive advantage, lawsuit, career advancement,
corruption of clinical trials or research results, divert valuable assets
2. Revenge
Denied advancement, perceived wrong, ideological redress (common
occurrences from a potentially disgruntled employee; higher probability
than most other sources of threat to an agency's information,
information technology infrastructure, and/or physical facilities)
3. Curiosity and thrill seeking
Non-malicious hacker, desire to be an insider, “how does it work”
reasons, gain access
4. Intellectual challenge, learning, need for acceptance and respect
Malicious and non-malicious hackers, destroy data bases, take control
5. Personal evidence
Cover a crime, cover a mistake, insider and external information
destruction
Motives
6. Institutional evidence
Cover crime, cover bad decisions, cover misadventures, change clinical
trials or research results, intimidate personnel
7. Perceived moral or idealism purpose
Religious, cultural and philosophical radicals, demonstrate ideological or
religious causes, labor unrest, domestic and foreign cultural agitation,
“Robin Hood” motives
8. Military and national intelligence
Information on readiness, composition and disposition of units, status
and intent of forces, impact readiness through destruction of capability
9. Political and economic intelligence
Gain information on individuals, gain advantage in international
negotiations, obtain research and other valuable technical information
that would be too expensive to develop by oneself or in failing block,
keys, etc.
Motives
10. Business intelligence
Competitive advantage, trade secrets entrusted to government, illegally
obtain product specifications or research content and results, illegally
obtain data to conduct research
11. Terror
Create life threatening situations, destroy care capability, weaken
culture and values
12. Ignorance
Intruders may be unaware that actions are illegal and punishable,
consultants obtaining unauthorized password block, keys, etc.
Solutions (recommendations)
Technology
Process
People
Compliance
Risk
Information security governance
Tactics
Stolen devices (laptop, flashdisk, harddisk, etc)
Sniffing the network
Social engineering
Trojan Horse: A program that, unknown to the user,
contains instructions that exploit a known vulnerability in
some software.
Back Doors: In case the original entry point has been
detected, having a few hidden ways back makes reentry
easy and difficult to detect.
Malicious Applets: Tiny programs, sometimes written in the
popular Java computer language, that misuse your
computer's resources, modify files on the hard disk, send
fake E-mail, or steal passwords.
The Importance of Conducting a Security Review
Security requirement analysis
Threat modeling
IT infrastructure architecture analysis
Code review
Penetration testing
Compliance audit
Security maturity
Conclusion
To secure eHealth:
a raised level of awareness,
shared responsibility, constant risk assessment and
testing procedures,
the management of identified risks,
and finally the most difficult issue of implementing truly
comprehensive and steadfast legal and enforcing
mechanisms
It is important to apply cyber hygiene to all
employees and medical staff in the hospital
Q & A
Health IT Security Forum
www.healthitsecurity.org
lookus@gmail.com
hadisyahrial@gmail.com


Lukas - E-Health Security Threats

  • 1. Threats to Information Security in eHealth (Security Threats in eHealth) Lukas & Hadi Syahrial lookus@gmail.com hadisyahrial@gmail.com
  • 2. Honeynet mission To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned. Outline: eHealth attack: motives, tactics, tools.
  • 3. What is eHealth? http://www.who.int/trade/glossary/story021/en/ E-health is the transfer of health resources and health care by electronic means. It encompasses three main areas: The delivery of health information, for health professionals and health consumers, through the Internet and telecommunications. Using the power of IT and e-commerce to improve public health services, e.g. through the education and training of health workers. The use of e-commerce and e-business practices in health systems management.
  • 4. eHealth - The Future of Healthcare The banking metaphor Most transactions carried out by the customer Centralisation of specialist services Decentralisation of non-specialist services
  • 5. Existing Health on the Web Estimated to be ~20,000 health websites Used by 98 million adults 75% of people who have web access average of 3.3 times per month More than consult doctors each day: 7M e-patients/day on the net; 2-3M patients see a doctor
  • 6. Existing Health on the Web Access to accurate information can lead to more knowledgeable, empowered, less anxious patients more participatory health decisions better care as patient and doctor become partners Misinformation can lead to confused and angry patients bad decisions, misplaced hope, worse care, harm Privacy violations can cause emotional and economic damage
  • 7. eHealth “Healthcare which is supported by electronic processes” Other terms: – Healthcare informatics or Health Information Technology (HIT) – Medical Information Systems (MIS) – Biomedical informatics (also includes Bioinformatics: gene sequencing etc.)
  • 8. eHealth includes: Electronic Medical Records: easy communication of patient data between different healthcare professionals (GPs, specialists, care team, pharmacy). Telemedicine: does not require a patient and specialist in the same physical location. Decision support systems in healthcare: data can be analysed to provide alerts, reminders and real-time decision aids. Evidence Based Medicine: the application of the scientific method to medical practice; check if diagnosis is in line with scientific research; data can be kept up-to-date. Citizen-oriented Information Provision: for both healthy individuals and patients. Specialist-oriented Information Provision: best practice guidelines from latest medical journals. Virtual healthcare teams: collaborate and share information on patients through digital equipment (for transmural care).
  • 9. Transmural Care Transmural: Care should not stop at the walls of the hospital – Both intra- and extra-mural, thus ‘transmural care’. – Care before, during and after the hospital stay. – Cooperation and coordination among local practitioner, hospital, home care and rehabilitation centres – Patient part of an agreed programme - protocols and standards.
  • 10. Medical Errors. Human Errors: IOM Report, 1999. 44,000 to 98,000 die in US annually from medical errors; at 44,000, would rank as 8th leading cause of death (car accidents: 43,458; breast cancer: 42,297; AIDS: 16,516). 7000 deaths from medication errors alone
  • 12. Data Breaches by Sector in 2012 Symantec: Internet Security Threat Report 2013 :: Volume 18
  • 13. Threats: Hospital management (CEO) does not fully understand information security risks or how to manage and handle them. Talented information security professionals are hard to find. Insiders who intentionally or unintentionally leak personal and confidential information.
  • 14. Threats (continued): Hacktivists; Crime as a Service (CaaS); Information leaks; BYOD (bring your own device); BYOC (bring your own cloud); Government regulation on hospital information security; Big Data
  • 16. Motives 1. Personal financial gain: Blackmail, competitive advantage, lawsuit, career advancement, corruption of clinical trials or research results, divert valuable assets 2. Revenge: Denied advancement, perceived wrong, ideological redress (common occurrences from a potentially disgruntled employee; higher probability than most other sources of threat to an agency's information, information technology infrastructure, and/or physical facilities) 3. Curiosity and thrill seeking: Non-malicious hacker, desire to be an insider, “how does it work” reasons, gain access 4. Intellectual challenge, learning, need for acceptance and respect: Malicious and non-malicious hackers, destroy databases, take control 5. Personal evidence: Cover a crime, cover a mistake, insider and external information destruction
  • 17. Motives 6. Institutional evidence Cover crime, cover bad decisions, cover misadventures, change clinical trials or research results, intimidate personnel 7. Perceived moral or idealism purpose Religious, cultural and philosophical radicals, demonstrate ideological or religious causes, labor unrest, domestic and foreign cultural agitation, “Robin Hood” motives 8. Military and national intelligence Information on readiness, composition and disposition of units, status and intent of forces, impact readiness through destruction of capability 9. Political and economic intelligence Gain information on individuals, gain advantage in international negotiations, obtain research and other valuable technical information that would be too expensive to develop by oneself or in failing block, keys, etc.
  • 18. Motives 10. Business intelligence Competitive advantage, trade secrets entrusted to government, illegally obtain product specifications or research content and results, illegally obtain data to conduct research 11. Terror Create life threatening situations, destroy care capability, weaken culture and values 12. Ignorance Intruders may be unaware that actions are illegal and punishable, consultants obtaining unauthorized password block, keys, etc.
  • 19. Solutions (recommendations): Technology; Process; People; Compliance; Risk; Information security governance
  • 20. Tactics: Stolen devices (laptop, flash disk, hard disk, etc.). Sniffing the network. Social engineering. Trojan Horse: A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software. Back Doors: In case the original entry point has been detected, having a few hidden ways back makes reentry easy and difficult to detect. Malicious Applets: Tiny programs, sometimes written in the popular Java computer language, that misuse your computer's resources, modify files on the hard disk, send fake e-mail, or steal passwords.
  • 21. The Importance of Conducting a Security Review: Security requirement analysis; Threat modeling; IT infrastructure architecture analysis; Code review; Penetration testing; Compliance audit; Security maturity
  • 22. Conclusion To secure eHealth: a raised level of awareness, shared responsibility, constant risk assessment and testing procedures, the management of identified risks, and finally the most difficult issue of implementing truly comprehensive and steadfast legal and enforcing mechanisms. It is important to apply Cyber Hygiene for all employees and medical staff in the hospital.
  • 23. Q & A Health IT Security Forum www.healthitsecurity.org lookus@gmail.com hadisyahrial@gmail.com