Ancaman-ancaman Terhadap Keamanan Informasi

Pada eHealth(Security Threats in eHealth)

Hadi Syahrial(Health IT Security Forum)www.healthitsecurity.org

eHealth• eHealth is the use of emerging information and communication technology,

especially the Internet, to improve or enable health and health care.

• The term "eHealth" has evolved into the dominant term used by the Information Technology (IT) industry and mass media to describe this area. It was derived from the term "electronic commerce" ("eCommerce"), which was coined in the mid-1990s to reflect the expanding commercial use of the Internet.

• In addition to eHealth, other terms have been widely used in the past several years to describe the application of information, computer, or communication technology to some aspect of health or health care. These terms include medical informatics, consumer health informatics, public health informatics, telemedicine, telehealth, and interactive health communication.

eHealth http://www.who.int/trade/glossary/story021/en/

E-health is the transfer of health resources and health care by electronic means. It encompasses three main areas:

The delivery of health information, for health professionals and health consumers, through the Internet and telecommunications.

Using the power of IT and e-commerce to improve public health services, e.g. through the education and training of health workers.

The use of e-commerce and e-business practices in health systems management.

Data Breaches by Sector in 2012

Symantec: Internet Security Threat Report 2013 :: Volume 18

Ancaman-ancaman (threats)

• Pihak manajemen rumah sakit (CEO) tidak sepenuhnya mengerti tentang resiko keamanan informasi dan cara mengelola dan menanganinya.

• Sulit mencari professional yang berbakat di bidang keamanan informasi.

• Orang dalam (insiders) yang sengaja atau tidak sengaja membocorkan informasi personal dan rahasia.

• Hacktivists• Crime as a Service (CaaS)• Kebocoran informasi (Information leaks)• BYOD (bring your own device)• BYOC (bring your own cloud)• Regulasi (regulation) dari pemerintah tentang

keamanan informasi rumah sakit• Big Data

Ancaman-ancaman (threats) - lanjutan

Impact

• Pasien • Keluarga• Reputasi (reputation) rumah sakit

Solusi (rekomendasi)

• Teknologi (technology)• Proses (process)• Orang (people)• Kepatuhan (compliance)• Resiko (risk)• Tata kelola keamanan informasi (information

security governance)

Pentingnya MelakukanSecurity Review

• Security requirement analysis• Threat modeling• IT infrastructure architecture analysis• Code review• Penetration testing• Compliance audit• Security maturity

Kesimpulan

• Penting menerapkan Cyber Hygiene untuk semua karyawan dan operasional rumah sakit.

Terimakasih

• Q&A