School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
An increasing number of E-health software packages are being bundled with Structured Query Language (SQL) databases as a means of storing Electronic Medical Records (EMRs). These databases allow medical practitioners to store, change and maintain large volumes of patient information. The software that utilizes these databases pulls data directly from fields within the database based on standardized query statements. These query statements use the same methods as web-based applications to dynamically pull data from the database so it can be manipulated by the Graphical User Interface (GUI). This paper proposes a study to investigate the susceptibility of popular E-health software packages to the code injection attacks that are prevalent on web-based applications. The proposed research also aims to examine the vulnerability of popular Australian E-health software to network-based attack methods in a test environment. Attacks of this nature on medical information systems have the potential to alter or destroy patient data, hold medical information services to ransom or even disclose sensitive patient information.