Download PDFOpen PDF in browser

Towards an Incident Response Framework for Database Management Systems: the Case of a Tertiary Hospital in South-South Nigeria

EasyChair Preprint 9811

11 pagesDate: March 2, 2023

Abstract

Health-providing institutions can no longer handle cyber security issues associated with using Hospital Database Management Systems (HDMS) with kid gloves. Data breaches in HDMS are a severe threat to the underlining business objective. The damaging effects of data breaches result in loss of sensitive data, operational downtime, financial losses, and reputational harm. Often, this leads to stigmatization, discrimination, insurance loss, employment loss and, in extreme cases, legal action. This study investigates the Hospital Database Management system in a selected hospital in South-South Nigeria for the possibility of a medical record data breach. A closed-ended questionnaire was administered on medical record staff of the hospital to ascertain the security status of the HDMS. Based on the data collected and analysed, a concise penetration test was carried out on the hospital database to expose instances of data breaches from the network. Findings from the Pentest proved that information systems could be affected by inherent threats and vulnerabilities. The study designed an incident response framework according to the NIST.SP.800-61R2 standard, which was later implemented and evaluated on the existing HDMS for data breach mitigation in the selected hospital. The designed incident response framework (IRF) serves as a paradigm for hospitals where a proper incident response plan is lacking. The study recommends that hospitals carry out penetration tests on their information systems from time to time to uncover red flags for data breaches. The IRF should be implemented on information systems as recommended by NIST.SP.800-61R2 to mitigate medical data breaches.

Keyphrases: Computer security incidents, Data Breach, Hospital database management system, Incident response framework, penetration testing

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:9811,
  author    = {Leton Rebecca Nsereka and Irene Govender},
  title     = {Towards an Incident Response Framework for Database Management Systems: the Case of a Tertiary Hospital in South-South Nigeria},
  howpublished = {EasyChair Preprint 9811},
  year      = {EasyChair, 2023}}
Download PDFOpen PDF in browser