Subject Re: [firebird-support] practice information system
Author Daniel Rail
On 2014-01-05 12:25 AM, Marc Hakman wrote:
> Hi,
>
> I am running a professional commercial practice information system, based on Firebird in Germany. The system is certified by the German health agencies.
>
>
> Problem?
> The Firebird account name and password are NOT changed.
> The government is rolling out a patient chip card with the possibility to exchange the basic patients' data with their social security health assurance agency by WAN. Is there a possibility for them to get access to (other) patient files (so the complete database) through a backdoor, e.g. via the admin account? Is there another way?
As long as Firebird is not accessible from outside your firewall
directly, then the risk is reduced. This way someone would have to get
the database file from the server and copy it elsewhere to gain access
to the patient data.

And as long as your patient data is accessed from the outside only via
web services or an HL7 server, then I wouldn't worry too much, unless
those services are not using secured communication (i.e., SSL).
> Is it a security risk not changing the account name and pw?
There is a security risk, but also do make certain that the practice
information system is not using it, otherwise the application will stop
working.
>
> I am not paranoid, just concerned about my business and even more the medical confidentiality.
>
>