Why your exams are secure with EasyRadiology

EasyRadiology uses military grade encryption to protect your patients' exams. Even employees of EasyRadiology cannot access your data, because only you hold the keys to it. Below we lay out the exact technology we use. In brief, for a quick read:

  • Your exams are stored in an encrypted ZIP archive
  • The encrypted images are loaded from the server and are decrypted in your browser
  • The password is only known to you
  • With current technology it is impossible to break the encryption
  • The password is never transferred to our server (it remains in your browser)
  • You can audit us

  • A crypto expert says...

    "Encryption is the single best hope for fighting surveillance of any kind. If all our data, including our communications, were enciphered in this fashion, from end to end…then no government - no entity conceivable under our current knowledge of physics, for that matter - would be able to understand them."

  • Using standards

    EasyRadiology uses standards for its file format and for encryption, which is important to avoid accidentally introducing flaws in the code that could breach security. Thus, the file format is standard ZIP and the encryption is performed with AES (256 bits).

  • The keys only belong to you!

    EasyRadiology does not have or store the encryption key to the medical exams you upload. For radiology practices we offer a special server software that runs EasyRadiology on hospital servers. The encryption keys for the exams are issued in a document that is easy for patients to read and understand.

  • No chance for intruders

    Even if a hospital server with a local EasyRadiology installation is compromised, the intruders will not be able to decipher the patients' radiology exams; they will only find scrambled data.

State-of-the-art encryption technology

In an age where hospital servers are connected to the internet, there is always the threat of data security incidents such as patient data leaking into the open. At EasyRadiology we take data protection very seriously, especially since every single radiology "DICOM" file carries patient data such as name and date of birth.
Our company has a track record of security knowledge, especially with encryption software. Dr. Weihrauch started developing encryption tools during medical school ("Crypt", C++) and improved his skills with his open source project "NoSSL" (JS/PHP). Recently, he developed a crypto project specifically for EasyRadiology (Net-Core-JS-Encryption-Decryption, .NET Core / JS).

Pay us an unscheduled visit and audit us!

It's not easy to trust a company on the internet. Therefore, we invite anyone to visit us unscheduled (or scheduled, if you prefer) to have a look at our servers and internet operations. Please bring a laptop and a radiology exam. You can then upload the exam's files from your laptop through EasyRadiology while we take you through the exam being processed on our servers. You will be able to track the process and see for yourself that your radiology exam is fully encrypted and that none of the patient data is stored in our database or on the servers. This is why it is impossible, even for EasyRadiology employees, to access the patient data stored in a radiology exam.
The only thing we ask in return is that you publish your visit and its results online so that we can link to it. Then we can spread the word about our data-conscious processes!

EasyRadiology publishes its encryption algorithms for all!

It is good practice to publish the encryption code as open source, so that anyone can scrutinize the security of the solution line by line and check the result of the encryption.

1. Encryption of the DICOM CD folder

The EasyRadiology Image format (ERI) is a ZIP archive. It contains the entire original DICOM data (the CD/DVD folder) encrypted with AES-256. When you download the ZIP file and open it, you will see a folder labeled "DICOM_CD". To extract files or the entire directory, please use ZIP software such as the free 7-Zip or WinRAR, because Windows' built-in ZIP support does not handle AES-256 encrypted ZIP files. If you regularly extract exams from other radiology practices, we can provide you with special software connected to a QR code scanner to speed up the process.

The DICOM_CD folder is encrypted with a password in the format of 4 groups of 8 characters (32 characters in total) separated by "-". This gives 2.3 x 10^57 possible passwords, which corresponds to 192 bits of entropy. With current technologies, AES with a 192 bit password cannot be broken.

2. Encryption of the patient data

The patient data are stored alongside preview images in the ZIP container in a JSON file. This JSON file is encrypted with AES-256 using a 32 byte (256 bit) key. The key is derived from the "Exam Access Code", which was chosen so that physicians and patients can easily enter it on the website of EasyRadiology or of the radiology practice. The "Exam Access Code" uses only 9 characters (3 x 3, separated by "-"), drawn from A-Z (without "O") and 1-9 (without "0"). This results in 35^9 = 7.8 x 10^13 possible codes. This would be a real security risk if the key derivation from the "Exam Access Code" to the AES-256 key were fast. However, EasyRadiology uses the key derivation algorithm "Scrypt" with settings that are deliberately slow on current computers. "On modern hardware and with default parameters, the cost of cracking the password on a file encrypted by Scrypt is approximately 100 billion times more than the cost of cracking the same password on a file encrypted by regular (open)SSL - this means that a five-character password using Scrypt is stronger than a ten-character password using openssl." (from tarsnap.com).

3. Encryption source code online

Please have a look at the source code that we developed and use in EasyRadiology: https://github.com/smartinmedia/Net-Core-JS-Encryption-Decryption

Risk assessment

Let's assess the risks:

Intrusion into EasyRadiology server

Let's assume a hacker is able to access the database and read all data from it. All he can find are encrypted exams. If he wants to brute-force the password of even a single radiology exam, he would attack the "Exam Access Code", because attacking the ZIP AES-256 (192 bit key) is futile. With the Scrypt settings used to generate the key from the Exam Access Code, one key derivation takes on average 250 ms on an i7 machine. To try 50% of all possible keys, this machine would need approximately 250,000 years (a very conservative estimate). So even if you invested in 250,000 computers calculating keys simultaneously, it would take them 1 year to crack this one radiology exam with a 50% chance (again, for 1 radiology exam; for 2 radiology exams you would need double the time or computers, because the access codes and the SALT vary between radiology exams). Pre-computing rainbow tables is impossible because we SALT the key before Scrypt is applied. This does not take into account that, even once you have derived a single key, you still need to apply it to the encrypted file to check whether the key is correct, which itself consumes time. It is highly unlikely that anyone would invest so many resources and so much money to crack only one single radiology exam.
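The estimate above, worked through as an added example (not code from EasyRadiology): the keyspace and entropy of each code format and the time to reach a 50% chance of guessing one code, given the page's figures of 35 symbols, 9 characters and 250 ms per derivation. The 62-character alphabet assumed for the 32-character ZIP password is an inference that reproduces the page's 2.3 x 10^57; the function names are this example's own.

```javascript
// Added example (not EasyRadiology's code): brute-force cost model for the codes
// described on the page. Inputs are the page's own figures unless marked as assumed.
const SECONDS_PER_YEAR = 365.25 * 24 * 3600;

// Number of possible codes and the equivalent entropy in bits.
function keyspace(alphabetSize, length) {
  return { size: alphabetSize ** length, bits: length * Math.log2(alphabetSize) };
}

// Years until an attacker has tried half the keyspace (50% chance of success),
// given the cost of one key derivation and the number of machines in parallel.
// Because every exam uses its own salt, this cost applies per exam, not once.
function yearsToHalfKeyspace(alphabetSize, length, secondsPerDerivation, machines = 1) {
  const attempts = keyspace(alphabetSize, length).size / 2;
  return (attempts * secondsPerDerivation) / machines / SECONDS_PER_YEAR;
}

// Exam Access Code: 35 symbols (page figure), 9 characters, ~250 ms per scrypt derivation.
const accessCode = keyspace(35, 9);                            // ~7.9e13 codes, ~46 bits
const singleMachineYears = yearsToHalfKeyspace(35, 9, 0.25);   // ~3.1e5 years
const farmYears = yearsToHalfKeyspace(35, 9, 0.25, 250000);    // ~1.25 years

// ZIP password: 32 characters; alphabet of 62 (A-Z, a-z, 0-9) is assumed here.
const zipPassword = keyspace(62, 32);                          // ~2.3e57, ~190 bits

console.log({ accessCode, singleMachineYears, farmYears, zipPassword });
```

Note that a fast derivation (say 1 µs instead of 250 ms) would shrink the single-machine figure by a factor of 250,000, which is exactly why the choice of a slow KDF matters more than the code length here.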

Sending out email with exam keys

Sending out the email with the radiology exam keys to the user is actually a more realistic threat to security, and this option should be used at the user's discretion. The possible attack can come either from the email service provider (reading your emails) or from anyone who can access your emails on your computer. We will implement another means of encryption on this webpage, namely an offline converter whose result you upload to our cloud, or the option to have the radiology exam pre-anonymized in your browser. Alternatively, you will be able to receive the "Exam Access Code" on the website after upload and will not receive an email. However, we think that most users / patients would prefer a simple service and accept the risk of their insecure emails (and how much I would like to talk about the crazy nonsense that emails are not all end-to-end encrypted across the entire internet between users).

Losing the document with the codes somewhere

This is actually the most realistic scenario: a patient loses the document with the passcodes somewhere and someone else can view the exam. However, this already happens today when a patient carries a copy of a radiology exam report.

Summary

Realistically, EasyRadiology offers pretty good security that outperforms competing solutions in cryptography. In particular, the biggest threat for any hospital, that not just a single patient's data but all patients' data are exposed to hackers, seems negligible because of the technologies applied.
However, we will continue to scrutinize our technology constantly for possible improvements and are always grateful for recommendations from anyone!