Authors:
Julián Gómez
1
;
Miguel Á. Olivero
2
;
J. A. García-García
1
and
María J. Escalona
2
Affiliations:
1
Web Engineering and Early Testing (IWT2, Ingenier´ıa Web y Testing Temprano), University of Seville, Spain
;
2
Web Engineering and Early Testing (IWT2, Ingeniería Web y Testing Temprano), University of Seville, Spain
Keyword(s):
Audit, Cybersecurity, Odoo, Healthcare, Pentest, Pentesting, Security.
Abstract:
Healthcare institutions is an ever-innovative field, in which modernization is moving forward taking giant steps. This modernization, so called “digitization”, brings up some concerns that should be carefully considered. Currently, the most sensible concerning in this field is the management of Electronic Health Record and patients’ data privacy. Health-related data in healthcare systems are under strict regulations, such as the EU’s General Data Protection Regulation (GDPR), whose non-compliance imposes huge penalties and fines. Cybersecurity in healthcare plays an important role at protecting these sensitive data, which are highly valuable for criminals. Security experts follow already existing security frameworks to orchestrate the security assessment process, so that the auditing process is as complete and as organized as possible. This study extends the lifecycle of a security assessment framework and conducts an exploitation and vulnerabilities’ analysis on an actual industrial
scenario. The results of this security audit shows that even if the system is heavily fortified, there can be still some vulnerabilities.
(More)