Detection and Control of Phishing Attack in Electronic Medical Record Application

Advancement in Information and Communication Technology (I&CT) has wide applications in medical field. The patient record can be stored electronically instead of files. Electronic Medical Record (EMR) is a collection of application program that collects and stores the patient data in servers. Data are retrievable by patients or doctors from any part of the globe via the internet. The disadvantage is that several attacks are possible, and one such attack is the phishing attack. In phishing attack, the attacker replicates the original web application to collect data in an unauthorized way. This paper provides an insight into the phishing attack in an EMR and the possible ways to overcome the phishing attack. The solution is provided by role-based authentication that ensures only privileged users get access to the EMR, thereby preventing the threat of patient’s data misuse. The application is tested for a potential attack on the pre- and post-implementation scenarios.