Web vulnerability study of online pharmacy sites

Informatics for Health and Social Care

Volumn 36, Issue 1, 2011, Pages 20-34

  Kuzma, Joanne ^a  

^a UNIVERSITY OF WORCESTER   (United Kingdom)

Author keywords

N Stalker; online pharmacies; Security; web applications

Indexed keywords

DRUG;

ARTICLE; ARTIFICIAL INTELLIGENCE; COMPUTER INTERFACE; COMPUTER PROGRAM; COMPUTER SECURITY; HUMAN; INFORMATION RETRIEVAL; INTERNET; ORGANIZATION AND MANAGEMENT; PHARMACY; PRESCRIPTION; STATISTICS;

ARTIFICIAL INTELLIGENCE; COMPUTER SECURITY; DRUG PRESCRIPTIONS; HUMANS; INFORMATION STORAGE AND RETRIEVAL; INTERNET; PHARMACEUTICAL PREPARATIONS; PHARMACEUTICAL SERVICES; SECURITY MEASURES; SOFTWARE; USER-COMPUTER INTERFACE;

EID: 79954561890     PISSN: 17538157     EISSN: 17538165     Source Type: Journal    
DOI: 10.3109/17538157.2010.520418     Document Type: Article

References (39)

1. Castro-Edwards J. Data protection: Where are we now? Journal of Database Marketing and Customer Strategy Management 2008;15:285-292.
2. Cenzic [Internet]. Web Application Security Trends Report Q3-Q4, 2008. Available from: http://www.cenzic. com/downloads/Cenzic-AppSecTrends-Q3-Q4-2008. pdf (accessed 28 February 2010).
3. Open Web Application Security Project (OWASP) [Internet]. Top 10 2007. Available from: http:// www.owasp.org/index.php/Top-10-2007#Introduction (accessed 1 February 2010).
4. SANS Institute [Internet]. SANS Top-20 2007 Security Risks (2007 Annual Update). Available from: http:// www.sans.org/top20/#s1 (accessed 27 December 2009).
5. Claburn T. [Internet]. Online pharmacy risks rising. Information Week. Available from: http://www.informationweek. com/news/internet/security/ showArticle.jhtml?articleID=210200864 (accessed 7 February 2010).
6. PharmacyChecker.com [Internet]. Online prescription drug searches surge 34% over past twelve months. Available from: http://www.pharmacychecker.com/ news/online-drug-searches-surge-040609.asp (accessed 27 February 2010).
7. U.S. Census Bureau News [Internet]. Income, poverty, and health insurance coverage in the United States: 2007. U.S. Census Bureau. Available from: http://www.census.gov/prod/2008pubs/p60-235.pdf (accessed 3 March 2010).
8. CBC News [Internet]. Prescription drugs: more business for Canadia online pharmacies? Available from: http:// www.cbc.ca/health/story/2009/02/27/f- onlinedrugs.html (accessed 27 February 2010).
9. Cook D, Joseph J, Morton R. Quality drivers for e-pharmaceuticals system management: A theoretical framework. International Journal of Electronic Business 2004;2:174-192.
10. Quon B, Firszt R, Eisenberg M. A comparison of brand-name drug prices between Canadian-based Internet pharmacies and major U.S. drug chain pharmacies. Annals of Internal Medicine 2005;143:397-403.
11. U.S. General Accounting Office [Internet]. Internet pharmacies - adding disclosure requirements would aid state and federal oversight. Available from: www.gao.gov/cgi-bin/getrpt?GAO-01-69 (accessed 4 March 2010).
12. Hubbard WK. Internet pharmacy consumer safeguards. FDCH Congressional Testimony, March 27, 2003. Available from: http://www.hhs.gov/asl/testify/ t040318.html (accessed 27 February 2010).
13. Choy A, Hudson Z, Pritts J. [Internet]. Exposed online: Why the new federal health privacy regulation doesn't offer much protection to Internet users. Report of the Pew Internet & American Life Project, Health Privacy Project. Available from: http://www.pewinternet.org/~/media//Files/Reports/2001/ PIP-HPP-HealthPriv-report. pdf.pdf (accessed 1 March 2010).
14. U.S. Federal Trade Commission (FTC) [Internet]. Health breach notification rule. Available from: http:// www.ftc.gov/os/2009/04/ R911002healthbreach.pdf (accessed 27 February 2010).
15. Mello J. [Internet]. Online pharmacy Brandjacking: buyer beware. E-Commerce Times. Available from: http:// www.ecommercetimes.com/rsstory/58999. html?wlc=1243690944 (accessed 20 February 2010).
16. National Association of Boards of Pharmacy (NABP) [Internet]. NABP findings underscore dangers of purchasing prescription medicine online and from foreign sources. Available from: http://www.nabp.net/news/ nabp-findings- underscore-dangers-of-purchasing-prescription-medicine-online-and-from-foreign- sources/ (accessed 7 March 2010).
17. Collmann J, Cooper T. Breaching the security of the Kaiser permanente Internet patient portal: The organizational foundations of information security. Journal of the American Medical Informatics Association 2007;14:239-243. (Pubitemid 46275492)
18. Office of the Privacy Commissioner of Canada [Internet]. PIPEDA case summary #2005-310, Commissioner initiated complaints against Internet pharmacies. Available from: http://www.priv.gc.ca/cf-dc/2005/310-2005 0525-e.cfm (accessed 7 March 2010).
19. IBM [Internet]. Rational AppScan. Available from: http://www-01.ibm.com/ software/awdtools/appscan/standard/ features/?S-CMP=rnav&S-CMP=rnav (accessed 26 February 2010).
20. IBM [Internet]. Trial: rational AppScan. Available from: http://www.ibm.com/developerworks/downloads/r/ appscan/learn.html?S-TACT= 105AGX28&S-CMP=TRIALS (accessed 26 February 2010).
21. Tenable Network Security [Internet]. Nessus vulnerability scanner features. Available from: http://www. tenablesecurity.com/nessus/features/ (accessed 7 March 2010).
22. eEye Digital Security [Internet]. Retina network security scanner. Available from: http://www.eeye.com/html/ products/retina/specs/index.html (accessed 12 March 2010).
23. Advanced Research Corporation [Internet]. Security auditor's research assistant. Available from: http://wwwarc. com/sara/ (accessed 27 February 2010).
24. N-Stalker [Internet]. N-Stalker Free Edition. Available from: http://nstalker.com/products/free (accessed 28 January 2010).
25. N-Stalker [Internet]. N-Stalker Security Checks. Available from: http://nstalker.com/products/security-checks (accessed 28 January 2010).
26. Cox M. [Internet]. Apache Security Secrets: Revealed. Los Angeles, CA: Proceedings of ApacheCon 2002. Available from: http://www.awe.com/mark/talks/ tu04-handout.pdf (accessed 15 January 2010).
27. W3C [Internet]. Hypertext transfer protocol - HTTP/1.1 RFC 2616 Method Definitions. Available from: http:// www.w3.org/Protocols/rfc2616/rfc2616-sec9. html (accessed 17 January 2010).
28. W3C [Internet]. RFC 2616: Hypertext Transfer Protocol - HTTP/1.1. Available from: http://www.w3.org/ Protocols/rfc2616/rfc2616.html (accessed 17 January 2010).
29. SANS Institute [Internet]. SANS Top-20 2007 - Cross Site Scripting. Available from: http://www.owasp.org/ index.php/Top-10-2007-A1 (accessed 24 February 2010).
30. SANS Institute [Internet]. SANS Top-20 2007 - Injection Flaws. Available from: http://www.owasp.org/ index.php/Top-10-2007-A2 (accessed 24 February 2010).
31. SANS Institute [Internet]. Buffer Overflow. Available from: http://www.owasp.org/index.php/Buffer-Overflow (accessed 24 February 2010).
32. Ko M, Dorantes, C. The impact of information security breaches on financial performance of the breached firms: An empirical investigation. Journal of Information Technology Management 2006;17:13-22.
33. White K. [Internet]. Breach costs on the up. Computer Business Review. Available from: http:// www.cbronline.com/news/datalossmeanslostcustom-020209 (accessed 27 February 2010).
34. Waters J. IT security: Target: The Web. T.H.E. Journal. Available from: http://thejournal.com/Articles/2009/02/01/ IT-Security-Target-The-Web.aspx (accessed 15 February 2010).
35. Moscaritolo A. [Internet]. Web apps account for 80 percent of internet vulnerabilities. SC Magazine. Available from: http://www.scmagazineus.com/Web- apps-account-for-80-percent-of-internet-vulnerabilities/article/129027/ (accessed 6 March 2010).
36. Salomon K, Cassat P, Thibeau B. [Internet]. IT security for higher education: A legal perspective. EDUCAUSE. Available from: http://net.educause. edu/ir/library/pdf/CSD2746.pdf (accessed 15 February 2010).
37. Luo W, Najdawi, M. Trust-building measures: A review of consumer health portals. Communications of the ACM 2004;47:109-113.
38. TRUSTe [Internet]. Making sense of Web site privacy and security seals. AvailableP from: http://www. truste.com/privacy-seals-and-services/consumer- privacy/Seal-Comparisons.html (accessed 15 February 2010).
39. Yap K, Raaj S, Chan A. OncoRx-IQ: A tool for quality assessment of online anticancer drug interactions. International Journal for Quality in HealthCare 2010;22:93-106.