{"id":773,"date":"2009-02-06T21:05:08","date_gmt":"2009-02-07T05:05:08","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=773"},"modified":"2009-02-06T21:07:44","modified_gmt":"2009-02-07T05:07:44","slug":"more-on-electronic-medical-records","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/06\/more-on-electronic-medical-records\/","title":{"rendered":"More on Electronic Medical Records"},"content":{"rendered":"<p>As mentioned earlier in the blog in <a href=\"http:\/\/cubist.cs.washington.edu\/Security\/2009\/01\/22\/security-review-electronic-medical-records\/\">&#8220;Security Review: Electronic Medical Records,&#8221;<\/a> Google has started an electronic medical record database called  <a href=\"http:\/\/en.wikipedia.org\/wiki\/Google_Health\">Google Health<\/a>.\u00a0 Today, IBM and Google announced that they have made software to allow PDAs to upload information to health care databases such as Google Health.\u00a0 Google Health centralizes medical records for its users, by storing records entered manually or aggregating data from other related medical databases; the individual users decide who is authorized to access their records.\u00a0 The new software can allow doctors to update patient information more quickly, and facilitates information sharing between health care providers.\u00a0 As well as the obvious applications for sharing information between health care providers, <a href=\"http:\/\/www.computerworld.com\/action\/article.do?command=viewArticleBasic&amp;taxonomyId=15&amp;articleId=9127546&amp;intsrc=hm_topic\">the Computerworld article<\/a> on this technology suggests that the new software would allow authorized people to keep track of the health of an ill family member more easily, as the doctors add updates to the database more quickly.\u00a0 From the article, it was not obvious whether or not the software would also allow mobile devices to download records from the 
databases.<\/p>\n<p><!--more--><\/p>\n<p>Assets:<\/p>\n<ul>\n<li> <strong>The messages transmitted to the database<\/strong> from mobile devices need to be secure.\u00a0 There need to be measures to prevent the interception of the contents of those messages, and to prevent fake messages from being accepted as genuine.\u00a0 The interception of single messages would be a breach of privacy, and the transmission of fake messages could interfere with the doctors\u2019 work (and possibly be hazardous to the patient\u2019s health).<\/li>\n<li> <strong>The PDAs themselves<\/strong> are another tempting asset.\u00a0 They need to have some measures to ensure that, if they fall into the wrong hands, they cannot be used to send or receive sensitive information.\u00a0 An attacker could use an unprotected PDA to add any arbitrary data to a patient\u2019s medical records.\u00a0 Also, if the PDAs will be able to access the database (and it\u2019s not clear yet if that will be a feature), an attacker might use one to gain embarrassing information (e.g. \u201cYou\u2019re actually bald and that\u2019s a toupee!\u201d), or even dangerous information (e.g. 
a list of allergies).<\/li>\n<\/ul>\n<p>Adversaries, Threats:<\/p>\n<ul>\n<li> Some adversaries might be individuals who want to steal medical information about a patient.\u00a0 Examples are employees of a shady pharmaceutical advertising company wanting information for targeted advertisements, or a personal enemy of the patient looking for a list of harmful allergies or other weaknesses.\u00a0 They could attempt to gain access to one of these aggregated medical databases by stealing a doctor\u2019s PDA (assuming that the device is also able to access records).<\/li>\n<li> There might also be people who want to harm the patient by adding fake data to the medical records database.\u00a0 They might accomplish this by stealing the PDA or by imitating a message from a PDA using one of their own devices.<\/li>\n<\/ul>\n<p>Weaknesses:<\/p>\n<ul>\n<li> The fact that transmissions will be over wireless makes messages from the PDAs easy to intercept by anyone with the right equipment who is close enough.<\/li>\n<li> The use of small mobile devices like PDAs for communicating with the databases is another vulnerability.\u00a0 PDAs would be easy to steal compared to larger computers, and they could be easily concealed by a thief.<\/li>\n<\/ul>\n<p>Defenses:<\/p>\n<ul>\n<li> An obvious defense for the wireless messages is to encrypt them before transmission.\u00a0 This results in security only as strong as the encryption algorithm.<\/li>\n<li> Instead of allowing users to log in for a session at a time, the software on the mobile devices could require the user to enter a password before each individual database access.\u00a0 This would be more bothersome to the healthcare professionals using them, but it would help prevent a stolen PDA from being used to get to the database.<\/li>\n<\/ul>\n<p>Risks:<\/p>\n<ul>\n<li> With a good encryption algorithm, the danger of messages being intercepted or faked over the wireless connection can be greatly reduced.\u00a0 Even if an 
attacker can intercept and interpret some individual messages, that data will most likely not be harmful, since the attacker cannot choose which pieces of data are being transmitted.\u00a0 Also, close coordination between doctors involved with a patient might reduce the risk of a successfully planted false entry in the database being harmful.\u00a0 As long as smart procedures are followed, the risks from using wireless transmissions should hopefully be small.<\/li>\n<li> The threat of a stolen PDA is a much greater danger.\u00a0 It is not likely that a defense as inconvenient as the one proposed above would actually be implemented.\u00a0 This means that an attacker might be able to steal a PDA that is already logged in and use it to alter or possibly read the database.<\/li>\n<\/ul>\n<p>Conclusion<br \/>\nThe ability to access a medical database like Google Health using a mobile device will be very convenient for doctors and will help them coordinate more easily.\u00a0 However, the risk that a PDA could be stolen for malicious use is serious, and the potential damage could easily outweigh the benefits of convenience.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As mentioned earlier in the blog in &#8220;Security Review: Electronic Medical Records,&#8221; Google has started an electronic medical record database called Google Health.\u00a0 Today, IBM and Google announced that they have made software to allow PDAs to upload information to &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/06\/more-on-electronic-medical-records\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":95,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,5],"tags":[172],"class_list":["post-773","post","type-post","status-publish","format-standard","hentry","category-privacy","category-security-reviews","tag-add-new-tag"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/95"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=773"}],"version-history":[{"count":7,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/773\/revisions"}],"predecessor-version":[{"id":789,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/773\/revisions\/789"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}