Sign In

Communications of the ACM

ACM TechNews

Even Encrypted Medical Record Databases Leak Information

View as: Print Mobile App Share:
A leaky bucket, representing a leaky database.

A new study by Microsoft researchers has found many types of databases used to store electronic medical records are vulnerable to leaking information.


Many types of databases used for electronic medical records are vulnerable to leaking information, according to a new study from Microsoft researchers.  The databases use encryption, but that means the data has to be continually decrypted to be useful, and the encrypted information is often decrypted in a computer's memory, which is dangerous if cyberattackers can get access to that, the study found.  

The researchers demonstrated how sensitive medical information on patients could be stolen using four different attacks.  "When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered," the study says.  

The researchers focus on encrypted relational databases based on the design of CryptDB, and they recommend the studied systems "should not be used in the context" of electronic medical records.  They also say the attacks could be successful against human resource or accounting databases as well.

The study will be presented at the ACM Conference on Computer and Communications Security in October.

From IDG News Service
View Full Article


Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account