Microsoft Issues EHR Data Encryption Warning

The effectiveness of EHR data encryption has been placed in doubt following the release of a research paper by Microsoft. A stern warning about data encryption security vulnerabilities has also been issued, covering all encryption systems based on CryptDB.

Researchers are due to present the results of their security study at the ACM Conference on Computer and Communications Security, which takes place next month. The paper has, however, been made available before the presentation, and because of the high risk of the vulnerabilities being used by malicious outsiders to gain access to healthcare databases, a warning was issued to all healthcare providers using CryptDB-based encryption systems for their EHRs.

Microsoft’s team of researchers discovered that EHR databases have a tendency to leak data, even when encryption has been employed. Four methods of accessing data were uncovered by the team, which could all be used by hackers to bypass the encryption controls and gain access to data.

The theoretical security vulnerabilities were put to the test by the team to see if it was actually possible in practice to gain access to EHR data. The team was able to confirm that the vulnerabilities could actually be exploited. They managed to gain access to a considerable amount of data, which included patient names, ages, race, hospital admission dates and other Protected Health Information.

One test of a system using CryptDB resulted in highly sensitive data being obtained by the research team. This included information about diagnosed diseases, mortality risk, patient ages, hospital admission dates and admission types. The leaked data was not an anomaly with a single system. The researchers were able to replicate their “hacks” and obtain similar data from 80% of patients.

Because the security flaws make the encryption software so susceptible to attack, the researchers have warned healthcare providers using CryptDB-based encryption systems to immediately start searching for an alternate system. A failure to do so could see their system exploited, potentially exposing all data stored in their encrypted EHR databases.

What is particularly alarming is the fact that CryptDB is not uncommon. Many healthcare providers use EHR data encryption systems based on CryptDB. The team announced that attacks were possible on over 95% of the top 200 hospitals in the country, indicating the huge scale of the problem.

The system has proved popular since it allows SQL queries to be performed on data that have been encrypted, speeding up access to medical records. However, the property-preserving encryption (PPE) scheme is vulnerable.
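Added illustration, not code from the Microsoft paper or from CryptDB: the sketch below uses a keyed HMAC as a stand-in for a deterministic, property-preserving layer to show why equality queries work on the stored tokens and how much of a column's structure survives in them. The key, the sample column and all function names are constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter

KEY = b"constructed-demo-key"  # constructed key, for illustration only


def det_token(value: str, key: bytes = KEY) -> str:
    """Deterministic stand-in for a PPE layer: equal plaintexts give equal tokens."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def encrypt_column(values):
    """Tokenise every cell of a column, as it would be stored server-side."""
    return [det_token(v) for v in values]


def equality_query(enc_column, plaintext_value):
    """WHERE col = value, answered by comparing tokens without decrypting rows."""
    wanted = det_token(plaintext_value)
    return [i for i, cell in enumerate(enc_column) if cell == wanted]


def frequency_profile(column):
    """Value counts in descending order; the property that is preserved."""
    return sorted(Counter(column).values(), reverse=True)


def leakage_report(enc_column):
    """Defender's check: structure visible to anyone who can read the stored column."""
    counts = Counter(enc_column)
    rows = len(enc_column)
    return {
        "rows": rows,
        "distinct_tokens": len(counts),
        "largest_group_share": max(counts.values()) / rows,
        "unique_rows": sum(1 for c in counts.values() if c == 1),
    }


# Constructed sample column (admission type); not data from the study.
ADMISSION_TYPES = ["emergency"] * 6 + ["elective"] * 3 + ["urgent"] * 2 + ["newborn"]

if __name__ == "__main__":
    stored = encrypt_column(ADMISSION_TYPES)
    print("rows matching 'urgent':", equality_query(stored, "urgent"))
    print("profile preserved:", frequency_profile(ADMISSION_TYPES) == frequency_profile(stored))
    print(leakage_report(stored))
```

Running the same report against a real column before choosing its encryption layer shows how low-cardinality fields keep their full distribution even though no individual value is readable.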

This is not the first time that PPE has been found to have issues resulting in leaked data; however, in spite of those issues, the Microsoft study was the first of its kind to actually test the encryption system comprehensively and was the first to quantify the risks.

The researchers explained the issue: “When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered.”

The security vulnerabilities with EHR data encryption are a serious issue, but the team said the same techniques could be used to gain access to data stored in accounts and HR files. Patient as well as company data is therefore at risk.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news