I'm developing a SaaS in healthcare. Users are trusting my SaaS with their very private medical information.

I expect my platform (LAMP based) to be breached sooner or later and I'm looking for ways to minimize data leakage.

Currently I have
- user passwords hashed and salted
- user real names, phone numbers are in plain text
- user private medical data in plain text

I'm looking for some pointers where to look about this subject. All comments are appreciated!

John D
    Crikey. A couple thoughts: Design as though you will be breached, but if you _expect_ to be breached, you probably shouldn't be writing this software. IANAL and this is not my field, but the moment you start touching people's medical records, you run aground a minefield of legislation and laws that will require you -- with good reason -- to lock down that data in many different ways. At a minimum, you should familiarize yourself with [HIPAA](http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act), and probably should find yourself an independent security auditor. – twooster Jan 23 '12 at 06:30
  • Yes, I do not expect but I keep in my mind that breach could happen. – John D Jan 23 '12 at 06:33

2 Answers

It sounds like you are in over your head and the expectation of a security breach is unacceptable. Head over to US HHS Web Site - Health Information Privacy and start reading up on data management requirements in the US at least.

tawman
  • Thank you for your link. I'm new to this and I want to be as prepared as possible. Recent Zappos breach made me think about securing user data – John D Jan 23 '12 at 06:44
There are a few problems with what you've listed so far.

First, you probably need to do more than just salt and hash your password. You should be using an adaptive hashing algorithm like bcrypt. Normally hashes are designed to be very fast, which isn't a very secure property because it enables brute-force attacks. Things like bcrypt are designed to be much slower to prevent these attacks (but still be fast enough to not cause performance problems).

Next, you cannot store medical data in plain-text. Many healthcare institutions won't even consider using your software unless all data "at rest" is encrypted. This means that you need to store all your data in an encrypted form. This obviously applies to sending data as well.

For more information check out HIPAA, which talks about what you can, can't, and shouldn't be doing with healthcare data. Meeting HIPAA requirements will almost certainly be a requirement if you want to sell this software anywhere.

On a more personal note, you should consider following the Healthcare Industry stack exchange proposal. It would be a good place to ask questions like this, with a lot of experts working in Health IT to help.

Oleksi
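The following is an added example, not code from the answer above or from the asker's platform. It shows what "adaptive" buys you in concrete terms: each stored record carries its own salt and work factor, verification runs in constant time, old records can be detected and upgraded, and one function measures how many plain SHA-256 guesses an attacker can make in the time it takes to check a single adaptive hash. It uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt so that it runs with no third-party packages; on a LAMP stack the equivalent is PHP's built-in `password_hash()` / `password_verify()`, which use bcrypt by default. The `ITERATIONS` value and the `algorithm$iterations$salt$digest` record layout are constructed for this example.

```python
import hashlib
import hmac
import os
import time

# Constructed example values (not from the original answer): a work factor
# costing on the order of 0.1 s per hash on current hardware. Raise it over
# time; each stored record carries its own iteration count, so old hashes stay
# verifiable and can be upgraded the next time the user logs in.
ITERATIONS = 200_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the record's own salt and cost; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except ValueError:
        return False  # malformed record: never a match
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True if the record uses a weaker cost (or algorithm) than now required."""
    try:
        algorithm, stored_iterations, _salt, _digest = stored.split("$")
        return algorithm != ALGORITHM or int(stored_iterations) < iterations
    except ValueError:
        return True


def guesses_per_verification(iterations: int = ITERATIONS) -> int:
    """Count how many plain SHA-256 guesses fit in the time of one PBKDF2 check.

    This is the answer's argument in numbers: a fast, unsalted-style hash lets
    an attacker test this many candidates for every one an adaptive hash allows.
    """
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"guess", salt, iterations)
    budget = time.perf_counter() - start

    count = 0
    start = time.perf_counter()
    while time.perf_counter() - start < budget:
        hashlib.sha256(salt + b"guess").digest()
        count += 1
    return count


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("correct password verifies:", verify_password("correct horse battery staple", record))
    print("wrong password verifies:", verify_password("wrong", record))
    legacy = hash_password("correct horse battery staple", iterations=1_000)
    print("legacy record needs rehash:", needs_rehash(legacy))
    print("plain SHA-256 guesses per one adaptive verification:", guesses_per_verification())
```

The upgrade path is the part people forget: on every successful login, call `needs_rehash()` and, if it returns true, store `hash_password()` of the password you just verified. That lets you raise the work factor as hardware gets faster without forcing a password reset.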