http://dx.doi.org/10.12811/kshsm.2015.9.2.023

A Study on Information Security Management of Hospital Web Sites  

Kim, Jong-Min (Department of Internet Business, Kosin University)
Ryu, Hwang-Gun (Department of Health Care Administration, Kosin University)
Publication Information
The Korean Journal of Health Service Management / v.9, no.2, 2015, pp. 23-32
Abstract
In this paper, we evaluated the web security vulnerabilities and privacy information management of hospital web sites registered with the Korea Hospital Association. A Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerabilities of the web sites. To evaluate privacy information management, we used ten rules based on guidelines for protecting privacy information on web sites. The evaluation showed that tertiary hospitals had relatively excellent web security compared to other types of hospitals. However, all hospital types had not only high-level vulnerabilities but also vulnerabilities at the other levels. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hackers. On the other hand, the inspection results for privacy information management showed that tertiary hospitals had a better compliance rate than the other hospital types.
Keywords
Information Security Management; Privacy Information Protection; Hospital Web Sites; Vulnerability;
Citations & Related Records
Times Cited By KSCI: 5