Even with encryption, EMR data at risk

'While encryption could offer some protections ... it also has serious limitations'
By Mike Miliard
05:45 AM

A recent security report by Microsoft finds that, even when cloaked in encryption technology, "an alarming amount of sensitive information can be recovered" from electronic medical record databases.

For the report, "Inference Attacks on Property-Preserving Encrypted Databases," which included data from 200 hospitals, researchers from Microsoft, the University of Illinois and Portland State University examined four types of cyberattacks targeted at EMRs.

Specifically, they probed the response of relational databases using the CryptDB design, which enables SQL queries on scrambled data.

"Many encrypted database systems have been proposed in the last few years as cloud computing has grown in popularity and data breaches have increased," write the researchers, Seny Kamara, Muhammad Naveed and Charles V. Wright. Such systems, most based on CryptDB, make use of "property-preserving encryption schemes such as deterministic (DTE) and order-preserving encryption (OPE)."

The researchers modeled "a series of attacks that recover the plaintext from DTE- and OPE-encrypted database columns using only the encrypted column and publicly-available auxiliary information."

Such cyberassaults – "including frequency analysis and sorting, as well as new attacks based on combinatorial optimization" – proved more damaging to encrypted EMR data than might have been expected.
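As an added illustration (not code from the report or from CryptDB), the sketch below measures how much a deterministically encrypted column gives away once its value counts are compared with a public distribution, a check worth running before choosing DTE for a column. The keyed HMAC token is a stand-in for DTE, and the mortality-risk labels, counts and auxiliary distribution are constructed for the example.

```python
import hashlib
import hmac
import os
from collections import Counter

KEY = os.urandom(32)  # constructed demo key, not a real deployment secret

def dte_token(value: str, key: bytes = KEY) -> str:
    """Deterministic stand-in for DTE: equal plaintexts always give equal tokens."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def randomized_token(value: str, key: bytes = KEY) -> str:
    """Randomized stand-in: a fresh nonce makes equal plaintexts look unrelated."""
    nonce = os.urandom(16)
    tag = hmac.new(key, nonce + value.encode(), hashlib.sha256).hexdigest()[:16]
    return nonce.hex() + tag

def rank_by_frequency(counts):
    """Items from most to least common; ties broken by name for a stable order."""
    return [item for item, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]

def frequency_exposure(column, auxiliary, tokenize=dte_token):
    """Fraction of rows a rank-for-rank frequency match would label correctly."""
    tokens = [tokenize(v) for v in column]
    token_ranks = rank_by_frequency(Counter(tokens))
    aux_ranks = rank_by_frequency(auxiliary)
    # Pair the i-th most common token with the i-th most common public value.
    guess = dict(zip(token_ranks, aux_ranks))
    hits = sum(1 for v, t in zip(column, tokens) if guess.get(t) == v)
    return hits / len(column)

# Constructed sample: a low-cardinality, skewed "mortality risk" column.
COLUMN = ["minor"] * 50 + ["moderate"] * 30 + ["major"] * 15 + ["extreme"] * 5
# Constructed public auxiliary distribution for the same attribute.
AUXILIARY = {"minor": 0.48, "moderate": 0.33, "major": 0.14, "extreme": 0.05}

if __name__ == "__main__":
    print("deterministic:", frequency_exposure(COLUMN, AUXILIARY))
    print("randomized:   ", frequency_exposure(COLUMN, AUXILIARY, randomized_token))
```

A skewed column with few distinct values scores near 1.0 under deterministic tokens, while randomized tokens leave no histogram to match and the score falls to chance.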

The study gauged the effectiveness of four types of attacks: "two are well-known and two are new." The researchers "evaluate(d) these attacks empirically in an electronic medical records scenario using real patient data from 200 U.S. hospitals."

Their findings? "When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered."

Specifically, and scarily, these attacks correctly recovered OPE-encrypted attributes, such as age and disease severity, for more than 80 percent of the patient records from 95 percent of the hospitals – "and certain DTE-encrypted attributes (e.g., sex, race, and mortality risk) for more than 60 percent of the patient records from more than 60 percent of the hospitals."

Encryption has long been looked to as an underused solution that could solve some of healthcare's most vexing security challenges.

But as the study suggests, "While encryption could offer some protections – particularly when the database is exfiltrated from disk – it also has serious limitations."

Most notably, "since an encrypted database cannot be queried, it has to be decrypted in memory which means the secret key and the database are vulnerable to adversaries with memory access," Kamara et al. write. "In cloud settings, where a customer outsources the storage and management of its database, encryption breaks any service offered by the provider."

Read their report in much more detail here.
