Understanding the Security and Performance of the Web Presence of Hospitals: A Measurement Study

Mohammed Alkinoon, Abdulrahman Alabduljabbar, Hattan Althebeiti, Rhongho Jang, Dae Hun Nyang, David Mohaisen

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The recent transformation of healthcare medical records from paper-based to digital and connected systems raises concerns regarding patients' security and online privacy. For instance, sensitive personal information, such as patients' names, addresses, and social security numbers, may be targeted due to the lack of proper security and privacy mechanisms. Using a total of 4,774 hospitals categorized as government, non-profit, and proprietary hospitals, this study provides the first measurement-based analysis of hospitals' websites and connects the findings with data breaches through a correlation analysis. We study the security attributes of three categories, collectively and in contrast, against domain name-, content-, and SSL certificate-level features. We find that each type of hospitals has a distinctive characteristic of its utilization of domain name registrars, top-level domain distribution, and domain creation distribution, as well as content type and HTTP request features. Security-wise, and consistent with the general population of websites, only 1% of government hospitals utilized DNSSEC, in contrast to 6% of the proprietary hospitals. Alarmingly, we found that 25% of the hospitals used plain HTTP, in contrast to 20% in the general web population. Alarmingly too, we found that 8%-84% of the hospitals, depending on their type, had some malicious contents, which are mostly attributed to the lack of maintenance. We conclude with a correlation analysis against 414 confirmed and manually vetted hospitals' data breaches. Among other interesting findings, our study highlights that the security attributes highlighted in our analysis of hospital websites are forming a very strong indicator of their likelihood of being breached. Our analyses are the first step towards understanding patient online privacy, highlighting the lack of basic security in many hospitals' websites and opening various potential research directions.

Original languageEnglish
Title of host publicationICCCN 2023 - 2023 32nd International Conference on Computer Communications and Networks
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9798350336184
DOIs
StatePublished - 2023
Event32nd International Conference on Computer Communications and Networks, ICCCN 2023 - Honolulu, United States
Duration: 24 Jul 202327 Jul 2023

Publication series

NameProceedings - International Conference on Computer Communications and Networks, ICCCN
Volume2023-July
ISSN (Print)1095-2055

Conference

Conference32nd International Conference on Computer Communications and Networks, ICCCN 2023
Country/TerritoryUnited States
CityHonolulu
Period24/07/2327/07/23

Bibliographical note

Publisher Copyright:
© 2023 IEEE.

Keywords

  • Healthcare
  • Measurement
  • SSL Certificates
  • Web security

Fingerprint

Dive into the research topics of 'Understanding the Security and Performance of the Web Presence of Hospitals: A Measurement Study'. Together they form a unique fingerprint.

Cite this