Optimizing Security Analysis Using Acunetix Vulnerability on Electronic Medical Records

Zulfiqar Tamin(1*), Y Yuhandri(2), S Sumijan(3)

(1) Universitas Putra Indonesia “YPTK” Padang, Indonesia
(2) Universitas Putra Indonesia “YPTK” Padang, Indonesia
(3) Universitas Putra Indonesia “YPTK” Padang, Indonesia
(*) Corresponding Author

Abstract


The use of the internet and web applications has increased significantly across sectors including education, healthcare, finance, and entertainment. However, web applications are highly vulnerable to cyberattacks such as SQL Injection, Cross-Site Scripting (XSS), and code injection, which threaten the confidentiality, availability, and integrity of data. In line with technological advancements, the 2022 Ministry of Health regulation mandates that all healthcare facilities in Indonesia implement Electronic Medical Records (EMR). Universitas Andalas Hospital (RS UNAND) has adhered to this policy by developing a web-based EMR system. This study evaluates and analyzes the security of the EMR application used at RS UNAND. The vulnerability assessment was conducted using the Acunetix Web Vulnerability Scanner, a tool designed to identify and assess vulnerabilities in web applications. The first scan revealed that the RS UNAND EMR application had significant vulnerabilities, with a threat level of 3 (high). This scan identified 573 alerts: 1 high-level, 253 medium-level, 2 low-level, and 317 informational. The findings were then recapped and analyzed further to determine optimization steps. Several major vulnerabilities identified included HTML Form Without CSRF Protection, User Credentials Sent in Clear Text, Directory Listing, Source Code Disclosure, Git Repository Found, Multiple Vulnerabilities Fixed in PHP Versions, and Slow HTTP Denial of Service Attack. Optimization measures were then taken through a comprehensive review of the source code and enhancements to the security features of the EMR application.
After the optimization, the second scan showed a significant reduction in the threat level: the RS UNAND EMR application dropped to threat level 1 (low), with 12 alerts consisting of no high- or medium-level alerts, 9 low-level alerts, and 3 informational alerts. This study underscores the importance of regular security assessments and of optimizing security features to protect sensitive data in electronic medical record systems.

DOI: https://doi.org/10.30645/kesatria.v5i4.494

DOI (PDF): https://doi.org/10.30645/kesatria.v5i4.494.g489
