A Practical Experience Applying Security Audit Techniques in an Industrial e-Health System Which Uses an Open Source ERP

Description

Healthcare institutions is an ever-innovative field, in which modernization is moving forward taking giant steps. This modernization, so called "digitization", brings up some concerns that should be carefully consid ered. Currently, the most sensible concerning in this field is the management of Electronic Health Record and patients' data privacy. Health-related data in healthcare systems are under strict regulations, such as the EU's General Data Protection Regulation (GDPR), whose non-compliance imposes huge penalties and fines. Cy bersecurity in healthcare plays an important role at protecting these sensitive data, which are highly valuable for criminals. Security experts follow already existing security frameworks to orchestrate the security assess ment process, so that the auditing process is as complete and as organized as possible. This study extends the lifecycle of a security assessment framework and conducts an exploitation and vulnerabilities' analysis on an actual industrial scenario. The results of this security audit shows that even if the system is heavily fortified, there can be still some vulnerabilities.

Abstract

Ministerio de Ciencia, Innovación y Universidades PID2019-105455GB-C31

Abstract

Junta de Andalucía US-1251532

Additional details