‘Profile databases of many hospitals despite clear security’




Databases containing patient information from hospitals to third parties are still clear, even if they are encrypted. That shows research from Microsoft. Company employees analyzed the databases of two hundred US hospitals.

Medical doctor electronic health record EHR The researchers succeeded in an ‘alarming amount of “data, such as sex, race, age and other information out by weakening the security of the encrypted databases. It was actually personal data used by hospitals. 95 percent of all hospitals revealed sensitive information to leak.

The data, which were mostly used CryptDB, which is opensource and organizations in the state proposes to store encrypted data in a somewhat outdated database infrastructure. The scientists knew the encryption of the dte – and ope weaken -versleutelde columns, so they eventually were able to view the data as plain text.

In order to weaken the security of the researchers used a total of four attacks, of which there were two known and two newly. All attacks, which differed slightly and are detailed in a paper, there were at least aimed to decrypt the columns. With luck, it seems.

The researchers say their research shows that many DTE and ope-encrypted columns are not safe. Although they looked only at the columns of the electronic patient records at hospitals, but also think that the vulnerabilities apply to other systems. Next month they will present their findings at the ACM Conference on Computer and Communications Security.


In: Technology & Gadgets Asked By: [15554 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »