Why your medical exams are secure with EasyRadiology
EasyRadiology uses military grade encryption to protect your patient's medical exams. Even employees of
- Your medical exams are stored in an encrypted ZIP archive
- The encrypted images are loaded from the server and are decrypted in your browser
- The password is only known to you
- Using latest technologies it is impossible to break the encryption
- The password is never transfered to our server (but remains in your browser)
- You can audit us
"Encryption is the single best hope for fighting surveillance of any kind. If all our data, including our communications, were enciphered in this fashion, from end to end…then no government - no entity conceivable under our current knowledge of physics, for that matter - would be able to understand them."
EasyRadiologyuses standards for its file format and for encryption, which is important to not accidentally implement flaws in the code, which could breach the security. Thus, the file format is a standard ZIP and the encryption is performed with AES (256 bits).
The keys only belong to you!
EasyRadiologydoes not have or store the encryption key to the medical exams, which you upload. For radiologies we have a special server software, which runs EasyRadiologyon hospital servers. The encryption keys for the exams are issued in a document, which is easy to read and understand for the patients.
No chance for intruders
Even if a hospital server with a local
EasyRadiologyinstallation is compromised, the intruders will not be able to decipher the patient's radiology exams, but just find scrambled data.
State-of-the-art encryption technology
In an age, where hospital servers are intertwined with the internet, there is always the threat of
data security issues like leaking patient data to the open.
In our company
Our company has a track record of security knowledge, especially with encryption software. Dr. Weihrauch started developing encryption tools during his medical school ("Crypt", C++) and improved his skills with his open source project "NoSSL, JS/PHP". Recently, he developed a crypto project specifically for
Pay us an unscheduled visit and audit us!
It's not easy to trust some company on the internet. Therefore, we offer anyone
to visit us unscheduled (or scheduled, if you prefer) to have a look at our servers and internet operations.
Please bring a laptop and a radiology exam. Then, you can upload the radiology exam's files from your laptop through
The only thing we ask in return is that you publish your visit and the results online and we can link to it. Then, we can spread the word about our data-conscious processes!
EasyRadiology publishes its encryption algorithms for all!
It is a good practice to publish the encryption code as open-source, so that anyone can scrutinize the security of the solution line by line and check the result of the encryption.
1. Encryption of the DICOM CD folder
The DICOM_CD folder is encrypted with a password, which has a format of 4x 8 (=32) characters separated by "-". This has a randomness of 2.3 x 10^57, which corresponds to 192 bits. With current technologies, AES with a 192 bit password cannot be broken.
2. Encryption of the patient data
The patient data are stored alongside preview images in the ZIP container in a JSON file. This
JSON file is encrypted with a 32 byte key (256 bits) with AES-256. The key is generated from
the Exam Access Code. The "Exam Access Code" was chosen as a means that physicians and patients can enter the code
easily on the website of
3. Encryption source code online
Please have a look at the source code, which we developed and are using in
Let's assess the risks:
Let's assume, a hacker is able to access the database and read all data from it. All he can find are encrypted exams. If he wants to brute-force crack the password of only one single radiology exam, he would attack the "Exam Access Code", because attacking the ZIP AES-256 (192 bit key) is futile. The settings for Scrypt to generate the key from the Exam Access code, it takes an average of 250 ms per key derivation on a i7 machine. To calculate 50% of all possible keys, this machine would need appr. 250,000 years (very conservative estimate). So even, if you'd invest in 250,000 computers calculating many keys simultaneously, it would take them 1 year to crack only this one radiology exam with a chance of 50% (again, 1 radiology exam, for 2 radiology exams you would need the double amount of time or computers, because the access codes and the SALT vary between radiology exams). Pre-computing rainbowtables is impossible because we SALT the key before Scrypt is applied. This is not taking into account that - even when you have derived a single key - you need to apply it to the encrypted file to check, if the key is correct or not, which would itself consume time The chance of anyone heavily investing so much resources and money to crack only one single radiology exam is highly unlikely.
Sending out email with medical exam keys
Sending out the email to the user with the radiology exam keys is actually a more realistic threat to security and should be used at the user's discretion. The possible attack can be either from the email service provider (reading your emails) or from anyone who can access your emails on your computer. We will implement another means of encryption on this webpage, namely that you can use a offline-converter and upload the result to our cloud or to have the radiology exam pre-anonymized in your browser. Alternatively, you will be able to receive the "Exam Access Code" after upload on the website and will not receive an email. However, we think that most users / patients would prefer a simple service and accepting the risk of their unsecure emails (and how much would I like to talk about the crazy nonsense that emails are not all end-to-end encrypted over the entire internet between users)
Losing the document with the codes somewhere
This is actually the most realistic scenario: a patient loses his document with passcodes somewhere and someone else can view his medical exam. However, this is already happening nowadays with a patient having a copy of his radiology exam reports.
However, we will further srutinize our technology constantly for possible improvements and are always grateful for recommendations from anyone!