Many types of databases used for electronic medical records are vulnerable to leaking information, according to a new study from Microsoft researchers. The databases use encryption, but that means the data has to be continually decrypted to be useful, and the encrypted information is often decrypted in a computer's memory, which is dangerous if cyberattackers can get access to that, the study found.
The researchers demonstrated how sensitive medical information on patients could be stolen using four different attacks. "When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered," the study says.
The researchers focus on encrypted relational databases based on the design of CryptDB, and they recommend the studied systems "should not be used in the context" of electronic medical records. They also say the attacks could be successful against human resource or accounting databases as well.
The study will be presented at the ACM Conference on Computer and Communications Security in October.
From IDG News Service
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA