[LINK] Hacking of medical records

Bernard Robertson-Dunn brd at iimetro.com.au
Mon Dec 17 11:39:50 AEDT 2012


On 15/12/2012 7:56 AM, Tom Worthington wrote:
> On 12/12/12 15:58, Glen Turner wrote:
>
>> ... offsite backups would have ameliorated the situation. ...
> Backups are covered in the Royal Australian College of General
> Practitioners "Computer and Information Security Standards":
> http://www.racgp.org.au/your-practice/standards/ciss/

IMHO, whoever wrote that, and anyone who recommends that advice, are 
amateurs when it comes to understanding the requirements of backup.

There is so much wrong with that advice, I haven't got the time or 
energy to point it all out, however, I'll touch on two issues:

The first is the difference between backup for a) DR and b) to recover 
files that have been accidentally deleted or where you need to revert to 
previous versions (information protection).

The requirements for DR back-up are to allow an enterprise to recover 
from a catastrophic loss of system. You lose access to your hardware so 
you need to acquire some more and rebuild the complete system. One 
strategy is to keep a full backup and then incremental changes until the 
next full backup. You can choose how many old versions you keep, but you 
probably don't need more than two full sets. Timing is relatively 
arbitrary although two issues are important. 1) It is useful to take a 
full backup just before upgrades are applied. 2) Restore time increases 
the more incremental backups you have.

Information protection has different requirements. Suppose you create 
a document on a Monday and delete it on the next Friday. You take daily 
backups and weekly backups on a Friday night, after business. Your file 
exists on daily backups but not on weekly or monthly backups. Six months 
later you discover that you have deleted the file, but cannot get it back.

A similar situation occurs if you want to go back to a previous version 
of a file that you have changed multiple times over a relatively short 
period of time.

The RACGP document says "Data restoration is the knowledge of how to 
‘rebuild’ a system and server if it has become inoperable." In other 
words it only really covers the DR case. It does not cover the 
information protection case, which, incidentally, is often necessary to 
meet the legal requirements of medical practices.

The rotating media strategy recommended by the RACGP document went out 
with the ark, or at least when simplistic tape backup technologies were 
the only ones available. There are far more sophisticated technologies 
available where information protection can be achieved, e.g. where the 
system looks at changes in data not snapshot views of data. If your 
strategy is to keep thirty copies of a changed file then all thirty 
copies of that file will be available for as long as the media is 
readable and the backup system operates.

The second issue is databases.
Databases often need special procedures for backup. You need to ensure 
system integrity, which you are unlikely to get with straight file level 
backup. The RACGP advice on backups doesn't even mention databases, 
never mind that they are likely to have special needs, or what they are.

IMHO the RACGP advice is worse than useless: it is dangerous. It gives a 
false sense of security. Naive technologists will think they have 
covered all the bases, when in fact they haven't.

I'll repeat my mantra: Understand the problem first, then look at solutions.

-- 

Regards
brd

Bernard Robertson-Dunn
Sydney Australia
email:brd at iimetro.com.au
web:www.drbrd.com
web:www.problemsfirst.com
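The rotation gap the post describes (a file created Monday and deleted Friday that never reaches a surviving backup) beside a change-journal scheme that keeps every version, as an added example that is not part of the original message. The dates, the five daily and four weekly media slots, and the file contents are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed scenario (added example): a document is created on a Monday,
# modified mid-week, and deleted the following Friday during business hours,
# i.e. before that night's weekly backup runs.
CREATED = date(2012, 12, 10)            # Monday
MODIFIED = date(2012, 12, 12)           # Wednesday
DELETED = date(2012, 12, 14)            # Friday (daytime)
SIX_MONTHS_LATER = CREATED + timedelta(days=182)
FRIDAY = 4                              # date.weekday() value for Friday

def file_present_at_backup_time(day):
    """The nightly backup only sees the file while it exists on disk."""
    return CREATED <= day < DELETED

def surviving_rotating_backups(last_day, daily_media=5, weekly_media=4):
    """Rotating-media scheme: nightly backups cycle through `daily_media`
    tapes and Friday-night weeklies through `weekly_media` tapes, so older
    snapshots are overwritten. Returns the dates whose snapshots still exist."""
    dailies, weeklies = [], []
    day = CREATED - timedelta(days=30)  # the rotation was already running
    while day <= last_day:
        (weeklies if day.weekday() == FRIDAY else dailies).append(day)
        day += timedelta(days=1)
    # Only the newest N media of each set survive; the rest were reused.
    return dailies[-daily_media:] + weeklies[-weekly_media:]

def rotating_scheme_can_restore(last_day):
    """Can the deleted file be recovered from any snapshot still on media?"""
    return any(file_present_at_backup_time(d)
               for d in surviving_rotating_backups(last_day))

def change_journal():
    """Change-based protection: every create/modify/delete is journaled and
    each version is kept for as long as the media stays readable."""
    return [(CREATED, "create", "draft v1"),
            (MODIFIED, "modify", "draft v2"),
            (DELETED, "delete", None)]

def restore_version(as_of):
    """Return the file's content as of `as_of`: the most recent create or
    modify event at or before that date, regardless of a later deletion."""
    versions = [content for when, op, content in change_journal()
                if op != "delete" and when <= as_of]
    return versions[-1] if versions else None

if __name__ == "__main__":
    print("rotating media, same week:", rotating_scheme_can_restore(DELETED))
    print("rotating media, 6 months on:", rotating_scheme_can_restore(SIX_MONTHS_LATER))
    print("change journal, 6 months on:", restore_version(SIX_MONTHS_LATER))
```

The rotating scheme can only restore the file while its Monday-to-Thursday daily media have not yet been reused; the journal answers the same request six months later, and also returns the earlier version when asked for the Monday state.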




More information about the Link mailing list