Information Security Threats in eHealth
Hadi Syahrial (Health IT Security Forum)
www.healthitsecurity.org

eHealth
• eHealth is the use of emerging information and communication technology, especially the Internet, to improve or enable health and health care.
• The term "eHealth" has evolved into the dominant term used by the Information Technology (IT) industry and mass media to describe this area. It was derived from the term "electronic commerce" ("eCommerce"), which was coined in the mid-1990s to reflect the expanding commercial use of the Internet.
• In addition to eHealth, other terms have been widely used in the past several years to describe the application of information, computer, or communication technology to some aspect of health or health care. These terms include medical informatics, consumer health informatics, public health informatics, telemedicine, telehealth, and interactive health communication.

eHealth
http://www.who.int/trade/glossary/story021/en/
E-health is the transfer of health resources and health care by electronic means. It encompasses three main areas:
• The delivery of health information, for health professionals and health consumers, through the Internet and telecommunications.
• Using the power of IT and e-commerce to improve public health services, e.g. through the education and training of health workers.
• The use of e-commerce and e-business practices in health systems management.

Data Breaches by Sector in 2012
Symantec: Internet Security Threat Report 2013 :: Volume 18

Threats
• Hospital management (the CEO) does not fully understand information security risks or how to manage and handle them.
• Talented information security professionals are hard to find.
• Insiders who intentionally or unintentionally leak personal and confidential information.

Threats (continued)
• Hacktivists
• Crime as a Service (CaaS)
• Information leaks
• BYOD (bring your own device)
• BYOC (bring your own cloud)
• Government regulation on hospital information security
• Big Data

Impact
• Patients
• Families
• Hospital reputation

Solutions (recommendations)
• Technology
• Process
• People
• Compliance
• Risk
• Information security governance

The Importance of Conducting a Security Review
• Security requirement analysis
• Threat modeling
• IT infrastructure architecture analysis
• Code review
• Penetration testing
• Compliance audit
• Security maturity

Conclusion
• It is important to apply cyber hygiene for all employees and hospital operations.

Thank you
• Q&A