Abstract
This study examines the security of the E-HOS System at RSUD Ibnu Sina Kab. Gresik, identifying critical threats and vulnerabilities, and offering mitigation strategies. Using qualitative methods, including interviews, observations, and documentation, data was collected from December 2022 to May 2023. The OCTAVE framework revealed 17 potential risk events, with user-related risks being the most significant, showing an RPN as high as 162 for access rights abuse. The study recommends implementing ISO 27001 controls—Access Control, Human Resource Security, and Communications Security—to enhance system security. These findings highlight the importance of robust IT security governance in healthcare settings.
Highlights:
Critical Risks: 17 events, highest risk in user access rights abuse.
Methodology: Used OCTAVE framework, interviews, observations, documentation.
Recommendations: Implement ISO 27001 controls: Access Control, HR Security, Communications Security.
Keywords: E-HOS System, SIMRS security, OCTAVE method, risk assessment, ISO 27001
Publisher
Universitas Muhammadiyah Sidoarjo