Hello All ,
I am working on a Web Application which does data analytics on Hospital Information[HL7 and DICOM] .
During the ETL transformation , All Patient related data are de-identified and displayed in the User Interface .
As a Tester i would like to understand the probable different ways an Ethical hacker would try to decode these patient related data .
This is something very new for me . It would be great if someone would share their experience or shower some test ideas on the same.
Thanks,
Sada
No i havenβt tried this out . I will check this.
Hi Sada
I would start by asking some questions, so:
How are the HL7 messages transmitted, is it tcp or file transfer (ftp)?
How are the messages stored before they are de-identified?
How is the patient data de-identified?
Thanks
Tracey
I donβt know your database data is being encrypted but there are lots of tools available to attempt decryption of various SHA1, MD5 hashes etc, all known to hackers. Crackstation is a good example.
https://crackstation.net
Hi Tracey ,
To answer your question :
1.HL7 messages are transmitted using TCP protocol on 9090 port using Thrift application .
2.All the messages are in RAW format before they are de-identified .
3.Patient data is de-identified using SHA-1 .
Best Regards,
Sada
Hi Paul ,
Database used is MaprDB and the encryption of data happens with SHA-1.
Hi I am a bit late to the party but there is a good project on git which we have used in the past to do similar stuff https://github.com/sunitparekh/data-anonymization , worth a read and you can clone it and modify it according to your needs.