Title

The Need for an Investigation into Possible Security Threats Associated with SQL Based EMR Software

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University

Place of Publication

Perth, Western Australia

Faculty

Computing, Health and Science

School

Computing, Health and Science

RAS ID

3975

Comments

Originally published in the Proceedings of 5th Australian Information Security Management Conference, Edith Cowan University, Perth Western Australia, December 4th 2007.

Abstract

An increasing amount of E-health software packages are being bundled with Standard Query Language (SQL) databases as a means of storing Electronic Medical Records (EMR’s). These databases allow medical practitioners to store, change and maintain large volumes of patient information. The software that utilizes these databases pulls data directly from fields within the database based on standardized query statements. These query statements use the same methods as web-based applications to dynamically pull data from the database so it can be manipulated by the Graphical User Interface (GUI). This paper proposes a study for an investigation into the susceptibility of popular E-health software packages to code injection attacks that are prevalent on web based applications. The proposed research also aims to examine the vulnerability of popular Australian E-Health software to network based attack methods in a test environment. Attacks of this nature on medical information systems have the potential to alter or destroy patient data, hold medical information services ransom or even disclose sensitive patient information.

DOI

10.4225/75/57b5481eb8759

 

Link to publisher version (DOI)

10.4225/75/57b5481eb8759