ICT Security of an Electronic Health Record System: an Empirical Investigation: An in depth investigation of ICT security in a modern healthcare system
KTH, School of Computer Science and Communication (CSC).
2016 (English)
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Alternative title
ICT-säkerhet inom vårdsystem:en empirisk undersökning (Swedish)
Abstract [en]

An empirical investigation of the security flaws and features of an in-use modern electronic health record system is performed. The investigation was carried out using dynamic analysis, manual testing and interviews with developers. The results indicate that in-use electronic health record systems suffer from serious authentication flaws, arising from the interaction of many different proprietary systems. The authentication problems are so severe that gaining access to any user’s computer on the hospital intranet would compromise a large database of patient medical records, including radiological data regarding the patients. Common web vulnerabilities were also present, such as injections and incorrectly configured HTTP security headers. These vulnerabilities were heavily mitigated by the use of libraries for constructing web interfaces.

Abstract [sv]

An empirical investigation of the security of a modern electronic health record system has been carried out. The investigation was conducted using dynamic analysis, manual testing and interviews with the developers. The results indicate that electronic health record systems have major deficiencies in authentication, which arise because several different commercial systems must cooperate. The problems are so serious that access to a single computer on the intranet can compromise a large database of patient data, including radiological data concerning the patients. Common web vulnerabilities were also present, such as script injections and incorrectly configured HTTP security headers. These vulnerabilities were strongly mitigated by the use of libraries for web interfaces.

Place, publisher, year, edition, pages
2016. 30 p.
Keyword [en]
security EHR electronic health record hospital computer network static dynamic manual analysis
National Category
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-194121
OAI: oai:DiVA.org:kth-194121
DiVA: diva2:1037679
External cooperation
CSAM Sweden AB
Subject / course
Computer Technology, Networks and Security
Educational program
Master of Science in Engineering - Engineering Physics
Supervisors
Examiners
Available from: 2016-10-17 Created: 2016-10-17 Last updated: 2016-10-17
Bibliographically approved

Open Access in DiVA

fulltext (681 kB), 149 downloads
File information
File name: FULLTEXT01.pdf
File size: 681 kB
Checksum SHA-512:
3787f04fbf79912803dac8c3e4a35984c6cf1ef758c0112d31b0927917a07033ae9306ba25ca5f9939aa3f5fb81cc9588a10f9a43b922c5ad37b84b2fb9d36a1
Type: fulltext
Mimetype: application/pdf

Search in DiVA

By author/editor
Kvastad, Johan
By organisation
School of Computer Science and Communication (CSC)
Computer Science

Total: 149 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 274 hits