Embed Size (px)
DESCRIPTION
The EHR is a longitudinal electronic record of a patient health information generated by one or more encounters in any care delivery setting. This Presentation Will tell what is EHR and Why Security of EHR Is Needed ?
Citation preview
What is an EHR?What is an EHR?
The EHR is a longitudinal electronic record of a patient health information generated by one or more encounters in any care delivery setting.
Advantages of EHRAdvantages of EHRCost can be reducedQuality of care can be improved
Record can be kept easilyMobility
Why Security of EHR Is Why Security of EHR Is Needed ?Needed ?
INSIDER ATTACKS
An Insider attack occurs when employees with legitimate access to their organization
information systems use these systems to sabotage their
organization IT infrastructure or commit fraud.
SOFTWARE SECURITY REQUIREMENTS
SOFTWARE SECURITY REQUIREMENTS
Use cases
Misuse cases
It specifies a negative use case i.e. behavior that is not allowed in the proposed system.
It is a description of the possible sequences of interactions between the system and it’s external actors.
Certification of EHR Certification of EHR SystemsSystemsIts certification began in 2006
It is primarily conducted by the Certification Commission of Healthcare IT (CCHIT)
Why EHR Systems Are Attacked ?
For Health Records
For ServiceFor Identity And Billing Information
Exploits Done On Targeted
Applications
Exploits Done On Targeted
Applications
Implementation Bugs
Design Flaws
They are code level software problems.
They are high-level problems associated with the architecture and design of the system.
Implementation Bugs Session Hijacking
Cross-Site Scripting
Phishing
SQL Injections
PDF ExploitsDenial of Service: File Uploads
Authorization Failure
SQL InjectionsSQL Injections
In this, an attacker exploits a lack of input validation to force unintended system behavior by inserting reserved words or characters into input fields that will alter the logical structure of a SQL statement.
Performed on
Admin Login - Amskrupajal.orgwww.giantstudios.com/buy-soft/adminlogin.aspwww.quickwrench.net/
Cross-Site Scripting
Cross-Site Scripting
It’s a computer security vulnerability that enables malicious attackers to inject client side script into web-page viewed by other users.
Denial of Service: File Uploads
Denial of Service: File Uploads
In this the attacker changes the state of web server to slow or unresponsive.
PhishingPhishing
It is an attempt to acquire sensitive information such as user names, passwords etc. by masking as a trustworthy entity.
Lack of Authorization
control
Lack of Authorization
control
In this the patient’s confidential health records and personal identification information can be viewed by the attacker.
ConclusionConclusion
The EHR will soon have ….
Better privacy and security protections …
Information will be available when we need it …
BibliographyBibliography1) Research paper
2) http://www.ncrr.nih.gov/publications/informatics/ehr.pdf
3) http://www.hhs.gov/health/healthnetwork/background/
4) Wikipedia.
5)http://mhcc.maryland.gov/electronichealth/mhitr/EHR
%20Links /challenges_to_ehr.pdf
7) www.drivencompany.com/nist.cfm
8) http://go4webapps.com/2010/04/24/webscarab-web-security-
application-testing-tool/
THANK YOU
Submitted by:
Shivani TyagiAnurag Deb
