Sign In

Communications of the ACM

ACM TechNews

Even Encrypted Medical Record Databases Leak Information


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A leaky bucket, representing a leaky database.

A new study by Microsoft researchers has found many types of databases used to store electronic medical records are vulnerable to leaking information.

Credit: LeadLiaison.com

Many types of databases used for electronic medical records are vulnerable to leaking information, according to a new study from Microsoft researchers.  The databases use encryption, but that means the data has to be continually decrypted to be useful, and the encrypted information is often decrypted in a computer's memory, which is dangerous if cyberattackers can get access to that, the study found.  

The researchers demonstrated how sensitive medical information on patients could be stolen using four different attacks.  "When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered," the study says.  

The researchers focus on encrypted relational databases based on the design of CryptDB, and they recommend the studied systems "should not be used in the context" of electronic medical records.  They also say the attacks could be successful against human resource or accounting databases as well.

The study will be presented at the ACM Conference on Computer and Communications Security in October.

From IDG News Service
View Full Article

 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 

No entries found