Information Security Risk Assessment in Hospital Management Information Systems Using the ISO/IEC 27005:2022 Framework(Case study: XYZ Hospital )

Abstract

The hospital management information system (SIMRS) is a crucial system supporting hospital operations, from patient recording, medical data management, to administration and finance. Information security in SIMRS is very important because this system handles sensitive and personal patient data, as well as critical hospital operational information. To overcome these challenges, implementing effective security controls in SIMRS is critical. One method that has been proven effective is ISO/IEC 27005:2022, which is an international standard that provides guidance for information security risk management. The results of this research provide guidance for hospitals in managing information security risks and also increase awareness of the importance of information security in the health sector.