Major Security Issue with Images

For users or potential users.
Post Reply
afeuer
Posts: 93
Joined: Tue Aug 26, 2008 8:45 pm

Major Security Issue with Images

Post by afeuer » Sun Mar 19, 2023 8:44 pm

I've made a post about this before, but I can't understand what I'm missing that we aren't at risk.

The way Open Dental is defaulted to run is with a standard file sharing setup. This means that any user or computer who has access to open dental also has full access to copy, delete or change the entire A to Z folder. There is no way to stop a compromised user/device from copying the entire directory. We've got patient information, drivers licenses, medical history, imaging, etc all in this folder. My cyber insurance company wouldn't cover me with this setup.

Yes, there are other options, such as keeping the images in the database, but that makes the database huge and limits features. Dropbox isn't practical for certain setups and really doesn't add much security. We use sFTP, but it doesn't seem like they really want to develop that option because you can't change the port or create local computer overrides. So unless you fit into a narrow bucket of office designs, there really isn't any other good options.

There are work arounds to increase security, but I know most people aren't doing those. There's always talk about making sure the database has a password and even using a middle tier server, but if we can't secure and encrypt the images then I think we really need to figure out how to change things.

Perhaps a separate image database?? more options for an sftp setup? or some other way to limit what images users can access without calling them from within open dental.

Thanks,
-Adam

User avatar
jordansparks
Site Admin
Posts: 5739
Joined: Sun Jun 17, 2007 3:59 pm
Location: Salem, Oregon
Contact:

Re: Major Security Issue with Images

Post by jordansparks » Wed Mar 29, 2023 4:47 am

From all the options you listed, it kind of sounds like enhancing sFTP is the way to go. I wasn't aware that people were running into limitations with that.
Jordan Sparks, DMD
http://www.opendental.com

Post Reply