Encrypted medical databases shown to leak information
Microsoft research finds record vulnerable to data leakage
Encrypted medical databases shown to leak information
Databases used to storage electronic medical records are prone to information leakage despite being encrypted, according to research from Microsoft.
In a paper due to be presented at the ACM Conference on Computer and Communications Security in October, sensitive medial data on patients could be stolen using four methods of hacking.
According to researchers, they were able to find out data such as sex, race, age and admission information from real patient records from 200 hospitals in the US. The attacks were carried out using a high-end MacBook laptop.
The study used four types of attacks to gain information form encrypted databases; frequency analysis, lp-optimisation, sorting attack for dense columns and a cumulative attack for low-density columns.
The focus of the attacks was on database systems that used CryptDB to encrypt data. This type of database is used protect confidential information, but the researchers, using the above methods, showed that as the layers are peeled away, data leaks out.
“When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered,” the authors of the report said.
An inference attack was used that combined leaked data with information in the public domain to hack the database. By comparing public information with guesses at what was in the encrypted data (i.e. looking at datasets of encrypted data that occurred most often), the authors were able to work out information such as mortality risks and causes of death for 99 percent of the 200 hospitals.
Other attacks also managed to unearth information such as months of admission using a sorting attack.
If a hacker wanted to carry out the same kind of hack, they would need access to the server that held the database and then wait as queries were made to that database in order to find the right layer of data and encryption in order to discover what the data was. The research found that CryptDB isn't as secure as it has been assumed.
The authors said that in using a cumulative attack, this method “recovered disease severity, mortality risk, age, length of stay, admission month, and admission type of at least 80 percent of the patients for at least 95 percent of the largest 200 hospitals. For 200 small hospitals, the attack recovered admission month, disease severity, and mortality risk for 100 percent of the patients for at least 99.5 percent of the hospitals.”
The authors added that while the focus of attacks was on hospital record, it could be used against most types of databases that store demographic data.
James Maude, senior security engineer at Avecto, told SC Magazine that whether it is an email or accidental download of corrupted files, “these situations can be avoided and yet many businesses continue to overlook fundamental IT security practises.”
"Time and time again, the removal of admin rights proves to be a simple and effective threat mitigation strategy, which minimises the risk of internal breaches. Organisations can no longer afford to rely on reactive strategies to deal with the advanced nature of attacks and instead they must adopt a proactive approach to security,” he said.
Jules Pagna Disso, head of R&D at cyber-security consultancy Nettitude, told SC Magazine that method used during the attacks described by this research are well known and fairly easy to execute.
“They date back to the early years of cryptosystems. Fortunately, the attacks are not popular due to the fact that order preserving encryption is not widely accepted. Whilst the order preserving encryption looks at solving many weakness of existing system, its fundamental design is flawed. The idea of being able to search encrypted data suggests that somehow some patterns can be identified,” he said.
He added that the attack described in this paper is very specific to a weakness found in the implementation of the order preserving encryption (OPE). “Any other database system using the OPE would be exposed to the same problem.”
Disso added that attackers would be interested in such data because they can sell it for $10 US per record or more. “This translates to $10 million (US) earnings for a database of one million users. Malicious users will then use the medical records to create fake ids that they can then use to buy drugs that are not easily accessible. These drugs are then resold for much more money. The same stolen data can be used in combination of a fake id to make various claims such as insurance claims.”
Yogi Chandiramani who is a security expert from FireEye, told SC Magazine that as internal systems need to be accessed, these attacks would require considerable preparation.
“Even though the data is encrypted it needs to transit unencrypted in the system's memory (RAM) in order to be processed by applications. This means that at some stage the data is in the clear. If attackers gain access to those portions of memory when it is unencrypted they could potentially access data which is encrypted on disks. It is somewhat similar to the heart bleed vulnerability where snippets of the private key were in memory and could be used by the attackers to gain access to “encrypted” data,” he said.
Dave Palmer, director of Technology at Darktrace said that in recognising the attractiveness of medical records as a target, the healthcare industry is slowly moving to new types of protective encryption of data when it is stored in data centres.
“This is a positive step but fundamentally the data does need to be used and so the encryption will be unlocked at certain points in time, and recent research shows that the new encryption technologies being used can be tricked into leaking more data than expected,” he told SC Magazine.
“At this time it is reasonable to assume that encrypted databases can slow hackers down, potentially significantly, but it doesn't negate the risk entirely.”