
Individual contribution report

Secure Hospital System

Naga Manoj Makkena

Group 7

ASU ID: 1223976728

Abstract

The main goal of the project is to build a robust application, a Secure Hospital System. The subsystems of the Secure Hospital System are the patient login portal, hospital staff login portal, doctor login portal, lab staff login portal, insurance staff login portal and admin login portal. The functionality of each portal is discussed in the subsequent sections. In general, the portal stores the login details of all user types, the personal information of the patients, the patient records, the prescriptions and diagnoses given by the doctor, the lab test reports of the patients, the insurance claims made by the patients, and the login logs of the patients. The data generated in the portal must be stored securely so that it is not an easy target for the threats discussed later. Transactions made on the website are stored using blockchain technology, and two-factor authentication is used to validate the user in several parts of the website. The website is a prototype built to test the functionalities. It was subjected to multiple rounds of testing, carried out individually by the students of the team. I was given the opportunity to test the projects of two other teams, and our team was asked to respond to the vulnerabilities reported by the members of other teams who tested our project.

Overview

The Secure Hospital System is an end-to-end hospital management system that provides functionality from patient registration through to transactions. The main objective is to provide a robust service to the users, with the main emphasis placed on backend development.

User Registration

This is the initial step of the application process: the patient needs to register before using the application, after which they can access features such as booking appointments based on their requirements and the availability of the doctors.
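The abstract says that users are validated with two-factor authentication and that the portal stores login details for every user type. The block below is an added example, not code from the project, showing what that means concretely: the password is stored only as a salted PBKDF2 hash and compared in constant time, and the second factor is an RFC 6238 TOTP code checked against the stored per-user secret. The in-memory USERS dictionary, the iteration count and the user names are assumptions standing in for the real database; only the Python standard library is used.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed stand-in for the users table in the database.
USERS = {}

# Assumed work factor; OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000.
PBKDF2_ITERATIONS = 600_000
TOTP_STEP_SECONDS = 30


def register(username, password, totp_secret=None):
    """Store a random salt, the PBKDF2 hash of the password, and a TOTP secret."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    USERS[username] = {
        "salt": salt,
        "hash": digest,
        "totp_secret": totp_secret if totp_secret is not None else os.urandom(20),
    }
    return USERS[username]["totp_secret"]


def verify_password(username, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown username takes as long as a wrong password.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, record["hash"])


def totp(secret, timestamp, step=TOTP_STEP_SECONDS, digits=6):
    """RFC 6238 TOTP built on RFC 4226 HOTP with HMAC-SHA1."""
    counter = int(timestamp) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "{:0{}d}".format(code % (10 ** digits), digits)


def verify_totp(username, code, timestamp=None, window=1):
    """Accept the code for the current step and `window` steps either side (clock drift)."""
    record = USERS.get(username)
    if record is None:
        return False
    now = time.time() if timestamp is None else timestamp
    for drift in range(-window, window + 1):
        expected = totp(record["totp_secret"], now + drift * TOTP_STEP_SECONDS)
        if hmac.compare_digest(expected, code):
            return True
    return False


def login(username, password, code, timestamp=None):
    """Both factors are always evaluated so a failure does not reveal which one was wrong."""
    password_ok = verify_password(username, password)
    code_ok = verify_totp(username, code, timestamp)
    return password_ok and code_ok
```

In a Django application the password half is already provided by `make_password` and `check_password` in `django.contrib.auth.hashers`, which default to PBKDF2; the block shows what those calls do and how the second factor is layered on top. A real deployment must also rate-limit login attempts, since a six-digit code has only a million values.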
Login & Signup

This page is used by the users to log in: the details the user provides are authenticated against the details stored in the database.

Patient Portal

This portal was created for the patients and provides the following functionalities.

• View the personal details and records of the current patient

• Check past and future appointment details

• Check the lab records and reports

• Register for appointments based on requirement and the availability of the doctor

Doctor Portal

This portal was created for the doctors, whose accounts are created by the admin. It provides the following functionalities.

• View information about appointments and check patients' past records

• Provide the diagnosis and prescription for their respective patients

• Check the respective lab reports and complete the appointment

Hospital Staff Portal

This portal was created for the hospital staff, whose accounts are created by the admin. It provides the following functionalities.

• Check all appointments, and approve or reject general appointments as per the doctor's schedule

• View, create and update patient records

• Prepare receipts and bills and complete transactions as per the patient records

Lab Staff Portal

This portal was created for the lab staff, whose accounts are created by the admin. It provides the following functionality.

• Check patient details such as diagnoses, lab tests and lab reports

Insurance Staff Portal

This portal was created for the insurance staff, whose accounts are created by the admin. It provides the following functionalities.

• Check, approve or deny claim requests raised by patients

• Create new policy plans and coverages

• Approve funds

Admin Portal

This portal was created for the admin, whose account is created during deployment of the application. It provides the following functionalities.

• Verify the sign-in and sign-out logs

• Create and view patient lab tests and coverages; approve or deny transactions

• Update and delete internal staff details
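The portals above are role-based: each user type gets a different set of functions, and staff accounts are provisioned by the admin. The block below is an added example, not code from the project, of how such a model is enforced so that every view path checks the role and denies by default. The permission table, the role names, the assigned-patient mapping and the sample records are assumptions derived from the portal descriptions; the project's real permission model is not shown on this page. The last function deliberately omits the check to show what an unprotected path lets a patient do.

```python
from functools import wraps

# Constructed permission table, derived from the portal descriptions in this report.
PERMISSIONS = {
    "patient": {"view_own_record", "view_own_appointments", "view_own_lab_reports",
                "book_appointment", "raise_claim"},
    "doctor": {"view_appointments", "view_patient_record", "write_diagnosis",
               "write_prescription", "view_lab_report", "complete_appointment"},
    "hospital_staff": {"view_all_appointments", "approve_appointment", "reject_appointment",
                       "view_patient_record", "create_patient_record", "update_patient_record",
                       "prepare_bill", "complete_transaction"},
    "lab_staff": {"view_patient_record", "view_lab_test", "view_lab_report"},
    "insurance_staff": {"view_claim", "approve_claim", "deny_claim", "create_policy", "approve_funds"},
    "admin": {"view_login_logs", "create_lab_test", "create_coverage", "approve_transaction",
              "deny_transaction", "update_staff", "delete_staff"},
}

# Constructed sample data: which doctor is assigned to which patient, and the records.
ASSIGNED_PATIENTS = {"dr_rao": {101}, "dr_lee": {102}}
PATIENT_RECORDS = {
    101: {"name": "Patient One", "diagnosis": None},
    102: {"name": "Patient Two", "diagnosis": None},
}


class Forbidden(Exception):
    """Raised when a user attempts an action their role or assignment does not permit."""


class User:
    def __init__(self, username, role, patient_id=None):
        self.username = username
        self.role = role
        self.patient_id = patient_id   # set only on patient accounts


def is_allowed(role, action):
    """Deny by default: an unknown role, or an action not listed for the role, is refused."""
    return action in PERMISSIONS.get(role, frozenset())


def requires(action):
    """Decorator that runs the role check on every view it wraps."""
    def decorator(view):
        @wraps(view)
        def wrapper(user, *args, **kwargs):
            if not is_allowed(user.role, action):
                raise Forbidden(f"{user.role} {user.username!r} may not {action}")
            return view(user, *args, **kwargs)
        return wrapper
    return decorator


@requires("view_patient_record")
def view_patient_record(user, patient_id):
    return PATIENT_RECORDS[patient_id]


@requires("view_own_record")
def view_own_record(user):
    # Object-level rule: the record comes from the account, not from a request
    # parameter, so a patient cannot read another patient's record by changing an id.
    return PATIENT_RECORDS[user.patient_id]


@requires("write_diagnosis")
def write_diagnosis(user, patient_id, diagnosis):
    # The role check alone is not enough: a doctor writes only for assigned patients.
    if patient_id not in ASSIGNED_PATIENTS.get(user.username, set()):
        raise Forbidden(f"{user.username!r} is not assigned to patient {patient_id}")
    PATIENT_RECORDS[patient_id]["diagnosis"] = diagnosis
    return PATIENT_RECORDS[patient_id]


def view_patient_record_unchecked(user, patient_id):
    # Elevation of privilege: a path without the decorator lets any logged-in user,
    # including a patient, read any record. Authorization must be checked on every path.
    return PATIENT_RECORDS[patient_id]


def attempt(view, user, *args):
    """Run a view and report 'allowed' or 'forbidden', to compare protected and unprotected paths."""
    try:
        view(user, *args)
        return "allowed"
    except Forbidden:
        return "forbidden"
```

In Django the same shape is obtained with `login_required` and `user_passes_test` (or `permission_required`) on each view; the point the unchecked function makes is that forgetting the decorator on a single view is enough to expose every record behind it.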

Contribution

I was actively involved in designing the portal for the secure hospital system at various stages of its development. I identified the different kinds of questions that could be asked in the Frequently Asked Questions and Help and Support Center section. I helped in writing the weekly report and actively participated in the division of work. I constantly coordinated with my team members through in-person and Zoom meetings and discharged my duties whenever necessary.

In the design document, I listed the various threats a website can experience and how those threats challenge our website. The STRIDE model explains the possible attacks the portal may experience; the possible scenarios are detailed and explained, and the use cases of each threat are explained.

The STRIDE threats are critical because the patient data is precious to the hospital and the patient. If patient data is stolen, there is a threat to the hospital because the stolen data can be used against them. Challenging the website through STRIDE and developing a solution to each problem is an effective way to make the website secure. In spoofing, authentication is violated: the attacker pretends to be another user, or changes the path or filename of a file so that the application reads the attacker's file instead of the intended one. In tampering, data is modified on disk, on the network, or in memory, for example by changing the data we enter into the system, changing values in a spreadsheet, or changing a binary or configuration file on disk. In repudiation, the attacker targets the logs and may disrupt the log-analysis system so that actions cannot be attributed. In information disclosure, error messages can leak personal information. In denial of service, the attack is made on the code responsible for providing the service. In elevation of privilege, authorization is bypassed: the attacker can corrupt control flow, or attack the system through any path where authorization is not checked.

I coordinated with my teammate Smriti to write the user guide needed for the application. Without the user guide, the user cannot efficiently navigate the application. The primary use of the user guide is to explain each functionality implemented in the application and state the limitations the website has. I carefully listed the functionalities of the patient login, hospital staff login, lab assistant login, doctor login, admin login, and insurance staff login. Each login's functions are described in the user guide, along with images to illustrate the functionalities.

I was responsible for populating the website's data and checking that the functionalities were correctly implemented. By populating the data, the students testing our project had some initial data to test the website with.

Lessons Learned

We decided during project development to use Python with Django to build our website. Along with Django, we used various other technologies such as HTML5, CSS3, GitHub, and other tools necessary to complete the project. The primary skill I learned is working in a team environment. In my team, if a task is assigned to a specific member, that member has absolute authority over that task. In this way we did not overshadow the progress of the other members; we divided the work among us and stuck to it. I became a team player and understood how to cooperate with the team members and work together.

My main tasks were to design the frequent questions a patient can ask and, if the patient wants to contact the hospital, what information should be collected from the patient so that the hospital staff can respond to the patient's query efficiently. Unfortunately, these features are not included in the project, since a chatbot is used to provide these services to the patient.

In the design document, the threats part was written by me. During this time, I learned about the various vulnerabilities the website can become a target for and what precautions are taken beforehand to withstand these threats. I learned about different hacking incidents that have happened in history. These readings gave me a vision of what security means in the real world, what vulnerabilities have been targeted in history, and what precautions are taken to address those vulnerabilities.
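The abstract states that transactions made on the website are stored with blockchain technology, and the STRIDE discussion above names modification of data on disk (tampering) and attacks on the logs (repudiation) as threats to the portal. The block below is an added example, not the project's code, of the part of a blockchain that actually delivers that protection for a single hospital: a hash-chained transaction log in which each entry commits to the previous one, so that editing a stored record breaks verification. The transactions, timestamps and user ids are constructed sample data. It also shows the caveat a practitioner needs: an attacker who can rewrite the whole store can recompute every hash, so the head hash must be kept somewhere the attacker cannot write (or each block must be signed) for the check to mean anything.

```python
import hashlib
import json
import time

GENESIS_PREV = "0" * 64


def block_hash(block):
    """SHA-256 over every field except the hash itself, using canonical JSON so the
    digest is reproducible regardless of dictionary insertion order."""
    payload = {k: v for k, v in block.items() if k != "hash"}
    encoded = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


class TransactionLedger:
    def __init__(self):
        self.chain = []

    def append(self, transaction, timestamp=None):
        """Add a block whose prev_hash commits to the current head."""
        block = {
            "index": len(self.chain),
            "timestamp": time.time() if timestamp is None else timestamp,
            "transaction": transaction,
            "prev_hash": self.head(),
        }
        block["hash"] = block_hash(block)
        self.chain.append(block)
        return block["hash"]

    def head(self):
        return self.chain[-1]["hash"] if self.chain else GENESIS_PREV

    def verify(self, expected_head=None):
        """Recompute every hash and link. Returns (True, None) if intact, else
        (False, index) for the first bad block; if expected_head (a copy of the head
        hash kept in write-once storage) is given, the head must match it too."""
        for i, block in enumerate(self.chain):
            expected_prev = self.chain[i - 1]["hash"] if i else GENESIS_PREV
            if block["index"] != i or block["prev_hash"] != expected_prev:
                return False, i
            if block_hash(block) != block["hash"]:
                return False, i
        if expected_head is not None and self.head() != expected_head:
            return False, len(self.chain) - 1
        return True, None

    def rehash_from(self, start):
        """What an attacker with full write access does after editing block `start`:
        recompute that block's hash and every link after it."""
        for i in range(start, len(self.chain)):
            self.chain[i]["prev_hash"] = self.chain[i - 1]["hash"] if i else GENESIS_PREV
            self.chain[i]["hash"] = block_hash(self.chain[i])


def demo():
    """Constructed walkthrough: intact chain, naive edit, edit plus rehash, anchored head."""
    ledger = TransactionLedger()
    ledger.append({"patient_id": 101, "type": "bill", "amount": 250.0, "by": "staff01"},
                  timestamp=1_700_000_000)
    ledger.append({"patient_id": 101, "type": "insurance_claim", "amount": 200.0, "by": "p101"},
                  timestamp=1_700_000_060)
    ledger.append({"patient_id": 102, "type": "bill", "amount": 80.0, "by": "staff01"},
                  timestamp=1_700_000_120)
    anchored_head = ledger.head()          # copied to write-once storage in a real system

    intact = ledger.verify(anchored_head)

    # Tampering: the claim amount is edited directly in the store.
    ledger.chain[1]["transaction"]["amount"] = 2000.0
    naive_tamper = ledger.verify()         # detected at block 1

    # The attacker also recomputes the hashes; the chain is self-consistent again...
    ledger.rehash_from(1)
    rehashed_unanchored = ledger.verify()
    # ...but the anchored head no longer matches.
    rehashed_anchored = ledger.verify(anchored_head)

    return intact, naive_tamper, rehashed_unanchored, rehashed_anchored
```

Without the anchored head (or a signature over each block with a key the web server does not hold), the chain only detects accidental corruption and attackers who do not know it is there; with it, any change to a past transaction is detectable during the admin's log review.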
