The Need for an Investigation into Possible Security Threats Associated with SQL Based EMR Software
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Edith Cowan University
Place of Publication
Perth, Western Australia
Faculty
Faculty of Computing, Health and Science
School
School of Computing, Health and Science
RAS ID
3975
Abstract
An increasing amount of E-health software packages are being bundled with Standard Query Language (SQL) databases as a means of storing Electronic Medical Records (EMR’s). These databases allow medical practitioners to store, change and maintain large volumes of patient information. The software that utilizes these databases pulls data directly from fields within the database based on standardized query statements. These query statements use the same methods as web-based applications to dynamically pull data from the database so it can be manipulated by the Graphical User Interface (GUI). This paper proposes a study for an investigation into the susceptibility of popular E-health software packages to code injection attacks that are prevalent on web based applications. The proposed research also aims to examine the vulnerability of popular Australian E-Health software to network based attack methods in a test environment. Attacks of this nature on medical information systems have the potential to alter or destroy patient data, hold medical information services ransom or even disclose sensitive patient information.
DOI
10.4225/75/57b5481eb8759
Access Rights
free_to_read
Comments
Proceedings of 5th Australian Information Security Management Conference, Edith Cowan University, Perth Western Australia, December 4th 2007. Available here