Security Threats in e-Health

Threats to Information Security in eHealth
(Security Threats in eHealth)
Hadi Syahrial
(Health IT Security Forum)
www.healthitsecurity.org
eHealth
• eHealth is the use of emerging information and communication
technology, especially the Internet, to improve or enable health and
health care.
• The term "eHealth" has evolved into the dominant term used by the
Information Technology (IT) industry and mass media to describe this area.
It was derived from the term "electronic commerce" ("eCommerce"),
which was coined in the mid-1990s to reflect the expanding commercial
use of the Internet.
• In addition to eHealth, other terms have been widely used in the past
several years to describe the application of information, computer, or
communication technology to some aspect of health or health care. These
terms include medical informatics, consumer health informatics, public
health informatics, telemedicine, telehealth, and interactive health
communication.
eHealth
http://www.who.int/trade/glossary/story021/en/
E-health is the transfer of health resources and health care
by electronic means. It encompasses three main areas:
• The delivery of health information, for health
professionals and health consumers, through the
Internet and telecommunications.
• Using the power of IT and e-commerce to improve
public health services, e.g. through the education and
training of health workers.
• The use of e-commerce and e-business practices in
health systems management.
Data Breaches by Sector in 2012
Symantec: Internet Security Threat Report 2013 :: Volume 18
Threats
• Hospital management (CEO) does not fully understand
information security risks and how to manage and
handle them.
• It is difficult to find talented professionals in the
field of information security.
• Insiders who intentionally or unintentionally leak
personal and confidential information.
Threats (continued)
• Hacktivists
• Crime as a Service (CaaS)
• Information leaks
• BYOD (bring your own device)
• BYOC (bring your own cloud)
• Government regulation on hospital information security
• Big Data
Impact
• Patients
• Families
• Hospital reputation
Solutions (recommendations)
• Technology
• Process
• People
• Compliance
• Risk
• Information security governance
The Importance of Conducting a Security Review
• Security requirement analysis
• Threat modeling
• IT infrastructure architecture analysis
• Code review
• Penetration testing
• Compliance audit
• Security maturity
Conclusion
• It is important to apply Cyber Hygiene for all
hospital employees and hospital operations.
Thank you
• Q&A