Open Dental on the Cloud using Amazon Server AWS

rhaber123
Posts: 415
Joined: Fri Dec 11, 2009 12:09 pm

Open Dental on the Cloud using Amazon Server AWS

Post by rhaber123 » Wed Jul 03, 2019 9:18 am

Could OD be used on the cloud using Amazon services?
Any feedback from Open Dental WILL BE HELPFUL
Last edited by rhaber123 on Sun Jul 07, 2019 10:43 pm, edited 1 time in total.

Justin Shafer
Posts: 596
Joined: Sat Jul 28, 2007 7:34 pm
Location: Fort Worth, TX.

Re: Open Dental on the Cloud using Amazon Server AWS

Post by Justin Shafer » Wed Jul 03, 2019 10:45 pm

It looks like they are opening port 3306 on the virtual machine.. Not a good idea. Best to use a VPN. The screenshot about opening port 3306.. that is like opening the port on your office router. And encryption is required for HIPAA and a VPN offers that. Also it will be slow.. best to use the Middle Tier. Open Dental will soon have a hosted option on the cloud, that only they support and only they have access to.

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Sun Jul 07, 2019 4:17 pm

It doesn't matter.
The security groups will be set to allow traffic to and from your office only.
So not relevant. And a necessary step in getting this done.
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net

cmcgehee
Posts: 711
Joined: Tue Aug 25, 2015 5:06 pm
Location: Salem, Oregon

Re: Open Dental on the Cloud using Amazon Server AWS

Post by cmcgehee » Mon Jul 08, 2019 7:45 am

That is a good step to restrict traffic to and from your office's IP addresses, but that still leaves a security problem in that that traffic is unencrypted. A third party who was able to collect packets between your office and your cloud could read large amounts of patient information.
Chris McGehee
Open Dental Software
http://www.opendental.com
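
Added example (not part of any post in this thread, and not Open Dental's or AWS's code): a Python check over the JSON that `aws ec2 describe-security-groups` returns, classifying every CIDR-based rule that reaches port 3306 or 3389 by where its source sits. The group IDs, addresses and verdict names are constructed for illustration, the office CIDR is an assumption supplied by the caller, and rules that reference another security group are not covered.

```python
import ipaddress

# Ports named in the thread: 3306 (MySQL, Open Dental's database) and 3389 (RDP).
WATCHED_PORTS = (3306, 3389)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-a", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-b", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-example-c", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.8.0.0/24"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.7/32"}]}]},
]}


def _within(net, allowed):
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)


def audit(doc, office_cidrs):
    """Return (group_id, port, source, verdict) for each rule reaching a watched port."""
    office = [ipaddress.ip_network(c) for c in office_cidrs]
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue
            # "-1" means every protocol and port; such rules carry no port range.
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in WATCHED_PORTS:
                if not lo <= port <= hi:
                    continue
                for src in sources:
                    net = ipaddress.ip_network(src, strict=False)
                    if net.prefixlen == 0:
                        verdict = "OPEN_TO_INTERNET"
                    elif _within(net, RFC1918):
                        verdict = "PRIVATE_PATH"  # arrives via VPN or inside the VPC
                    elif _within(net, office):
                        verdict = "OFFICE_ONLY_OVER_INTERNET"  # still needs TLS or a VPN
                    else:
                        verdict = "UNKNOWN_PUBLIC_SOURCE"
                    findings.append((sg["GroupId"], port, src, verdict))
    return findings
```

Calling `audit(SAMPLE, ["203.0.113.10/32"])` returns five findings; an `OFFICE_ONLY_OVER_INTERNET` verdict on 3306 is the case raised above, where the source is restricted but the database traffic is still readable in transit unless it runs over TLS or a VPN.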

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Mon Jul 08, 2019 9:37 am

Not many dental offices have that kind of hi-tech espionage going on. All in all it's good to be secure in these times. That is easily accomplished also.
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net

Ardavan
Posts: 106
Joined: Sat May 15, 2010 9:10 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by Ardavan » Mon Jul 08, 2019 3:50 pm

@mafiaxxx Dental practices may not have hi-tech espionage; however, allowing traffic to traverse the wire in cleartext is a HIPAA violation if you're in the United States. That being said, it's easy enough to use the middle tier and secure it with SSL.
There are 10 types of people in this world, those who will laugh at this joke, and those who won't. ~Anonymous Bug Writer

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Mon Jul 08, 2019 10:34 pm

Yes, as I said, it is easily accomplished.
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net

Ardavan
Posts: 106
Joined: Sat May 15, 2010 9:10 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by Ardavan » Tue Jul 09, 2019 8:49 am

@rhaber123 Justin and Chris' answers have my endorsement as both of them have demonstrated time and time again that they understand the technology as well as the regulations the healthcare industry is bound by. Though I've never personally met either, Justin is one of the few (perhaps the only) IT professionals in business for himself whose technical expertise I respect and I would vouch for (I've read most of his posts here and elsewhere on the web), and Chris is endorsed by OpenDental and has never steered me wrong.

It's really easy to do IT work, but understanding the work is another story. Part of the reason there are so many "breaches" and "data leaks" is because the people building and implementing systems simply aren't qualified to do so. Time and time again it's a "misconfigured S3 bucket" or some other silly oversight which leads to very embarrassing headlines for the unfortunate companies who hire fly-by-night consultants and developers. It's really all common sense to anyone in the know, but not everyone who says they know actually does. I've dealt with many small firms and independent consultants throughout the years and the only things about them which impressed me were their salesmanship, audacity, and complete lack of understanding of concepts I consider basic and common sense. Truth is, for those who know what they're doing the industry pays well. Why bother with creating a company, chasing clients, and dealing with all the headaches of running a business when I can collect a decent paycheck, have benefits and a retirement plan, all while doing what I love without ever having to write a single invoice?

The sad fact is that the IT industry is unregulated and widely misunderstood, so literally anyone can print business cards and put up a website claiming to be a professional. IT is unlike more established industries which require education, licensure, insurance, etc... so it's really buyer beware. If you hire a consultant or self-proclaimed professional who through their negligence or incompetence leads to your practice leaking or losing PHI, the liability is entirely yours, and even if you do have cyber insurance, chances are they will not pay out because you did not do your due diligence in hiring the contractor/firm/consultant who created the issue.
There are 10 types of people in this world, those who will laugh at this joke, and those who won't. ~Anonymous Bug Writer

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Wed Jul 10, 2019 8:41 am

You are right. In these times we need to consider security. But the article above is a how-to.
If you look on the Open Dental site you will see a similar poorly written article teaching you how to set up cloud. (https://opendental.com/manual/cloudhostedserver.html)
This article is more detailed and fills out some of the steps that Open Dental missed. Because if you follow that you will end up stuck. How do I know? Because I followed it... and got stuck.
So I rewrote it but did it better. So yes, I will defend my work.
You're making this into a whole security discussion. That is not what this is about.
There are other articles dealing with security, HIPAA and all those other things on the site. Do a search. Or if you want I can post them for you.
Last edited by mafiaxxx on Wed Jul 10, 2019 8:57 am, edited 1 time in total.
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Wed Jul 10, 2019 8:51 am

Here is one more article for you... there are more. Just all topics are not lumped into one single article.
https://www.shortcircuited.net/services ... b-services
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Wed Jul 10, 2019 8:56 am

And what's even more insane, all these attacks we hear about in the news with offices and city agencies being crippled by ransomware for WEEKS. Not many of those servers are cloud hosted. Most if not all are in-house local "protected" servers, behind concrete walls, maintained by local IT staff, yet they still get hacked.
Cloud hosting on Amazon is very safe and you can literally do a server restore and be back up and running in 15 minutes. Watching the news and seeing city agencies down for weeks is insane to me.
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Wed Jul 10, 2019 9:18 am

rhaber123 wrote: Could OD be used on the cloud using Amazon services?
Any feedback from Open Dental WILL BE HELPFUL

Here is a step by step:
https://www.shortcircuited.net/services ... b-services

There are other articles dealing with the security concerns raised here.
Lovely feedback from the group!!
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net

Ardavan
Posts: 106
Joined: Sat May 15, 2010 9:10 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by Ardavan » Wed Jul 10, 2019 9:28 am

Thanks mafiaxxx, I apologize if my post seemed like an attack, I'll be the first to admit that in my early days I have done things for clients I would cringe at today and I'll be the first to call my younger self an idiot.

Having been around as long as I have and seen all that I have my faith in mankind has diminished and I have grown most callous and cynical, and not just towards IT professionals. An HVAC technician quoted us $3K for parts and $1k for labor to repair our office's air conditioning system, I read up on AC systems and fixed it without spending a dime on parts and it only took me a few hours (reading included). Just yesterday I was fighting with our dental service technicians because a $1.1K repair they did two months ago failed again and upon my inspection they were using zipties on a limit switch which led to the issue (the original breakdown happened because a screw on the limit switch had come loose). The service company tried to deflect liability for their poor workmanship when it's clear as day that their use of a ziptie was not sufficient. The same service company a few months back said we have to replace a vacuum pump because the Appolo no longer supports the model, I was able to repair it with a $12 transformer I ordered off Amazon. Breakaway who is a fairly large firm used to open port 3389 on all their customers' routers without so much as restricting incoming traffic to only their IP addresses, despite my raising the issue with their leadership they just didn't get IT (this was before BlueKeep but even then it was common sense to anyone who isn't an idiot not to do that). These are just the examples which are fresh in my mind, I'm sure if I sat down and thought about it I could come up with more but you get the general idea.

I guess I'm just a grumpy old geek, but don't take it the wrong way. Before I was an engineer I learned from following guides and tutorials online assuming the publishers were some sort of Gods, but in reality we're all just people trying to figure it all out, naturally some are further along than others. I heard this a long time ago and didn't fully comprehend it then, but if you wish to secure a machine you must disconnect it from the network, power it down, lock it in a safe, lock the safe in a vault which is housed in a secure facility protected by armed guards, and even then it's not fully secure against all adversaries, just those lacking sufficient resources.

If you'd like to reach the same level of paranoia as me just set up some honeypots and expose them to the internet, you'll see where I'm coming from.

Also I'd recommend listening to the SANS Internet Storm Center and CyberWire podcasts, the Storm Center is usually less than 7 minutes and doesn't include advertisements, the CyberWire is less than 25 minutes with a third to half of it being ads or vendor interviews, but it's still insightful.

FYI about the security of cloud hosting: it is a model of shared responsibility.
https://aws.amazon.com/compliance/share ... ity-model/

The only thing secure about cloud hosting is physical access to the facilities, other than that it is the customer's responsibility.
There is nothing that makes cloud providers more or less secure.
Ransomware is scary because of how it works, really quite smart on the part of the attackers.
The fact that all these agencies are being burned only goes to reinforce my lack of faith in IT professionals who assume they know what they're doing but really have no idea.
Last edited by Ardavan on Wed Jul 10, 2019 9:33 am, edited 1 time in total.
There are 10 types of people in this world, those who will laugh at this joke, and those who won't. ~Anonymous Bug Writer

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Wed Jul 10, 2019 9:28 am

Justin Shafer wrote: It looks like they are opening port 3306 on the virtual machine.. Not a good idea. Best to use a VPN. The screenshot about opening port 3306.. that is like opening the port on your office router. And encryption is required for HIPAA and a VPN offers that. Also it will be slow.. best to use the Middle Tier. Open Dental will soon have a hosted option on the cloud, that only they support and only they have access to.

You are correct!!
I updated the article.
https://www.shortcircuited.net/services ... b-services
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Wed Jul 10, 2019 9:43 am

Ardavan wrote: Thanks mafiaxxx, I apologize if my post seemed like an attack, I'll be the first to admit that in my early days I have done things for clients I would cringe at today and I'll be the first to call my younger self an idiot.

Having been around as long as I have and seen all that I have my faith in mankind has diminished and I have grown most callous and cynical, and not just towards IT professionals. An HVAC technician quoted us $3K for parts and $1k for labor to repair our office's air conditioning system, I read up on AC systems and fixed it without spending a dime on parts and it only took me a few hours (reading included). Just yesterday I was fighting with our dental service technicians because a $1.1K repair they did two months ago failed again and upon my inspection they were using zipties on a limit switch which led to the issue (the original breakdown happened because a screw on the limit switch had come loose). The service company tried to deflect liability for their poor workmanship when it's clear as day that their use of a ziptie was not sufficient. The same service company a few months back said we have to replace a vacuum pump because the Appolo no longer supports the model, I was able to repair it with a $12 transformer I ordered off Amazon. Breakaway who is a fairly large firm used to open port 3389 on all their customers' routers without so much as restricting incoming traffic to only their IP addresses, despite my raising the issue with their leadership they just didn't get IT (this was before BlueKeep but even then it was common sense to anyone who isn't an idiot not to do that). These are just the examples which are fresh in my mind, I'm sure if I sat down and thought about it I could come up with more but you get the general idea.

I guess I'm just a grumpy old geek, but don't take it the wrong way. Before I was an engineer I learned from following guides and tutorials online assuming the publishers were some sort of Gods, but in reality we're all just people trying to figure it all out, naturally some are further along than others. I heard this a long time ago and didn't fully comprehend it then, but if you wish to secure a machine you must disconnect it from the network, power it down, lock it in a safe, lock the safe in a vault which is housed in a secure facility protected by armed guards, and even then it's not fully secure against all adversaries, just those lacking sufficient resources.

If you'd like to reach the same level of paranoia as me just set up some honeypots and expose them to the internet, you'll see where I'm coming from.

Also I'd recommend listening to the SANS Internet Storm Center and CyberWire podcasts, the Storm Center is usually less than 7 minutes and doesn't include advertisements, the CyberWire is less than 25 minutes with a third to half of it being ads or vendor interviews, but it's still insightful.

FYI about the security of cloud hosting: it is a model of shared responsibility.
https://aws.amazon.com/compliance/share ... ity-model/

The only thing secure about cloud hosting is physical access to the facilities, other than that it is the customer's responsibility.
There is nothing that makes cloud providers more or less secure.
Ransomware is scary because of how it works, really quite smart on the part of the attackers.
The fact that all these agencies are being burned only goes to reinforce my lack of faith in IT professionals who assume they know what they're doing but really have no idea.

You know what? You are 110% correct.
I updated the article to reflect the concerns of guys in this group.
I appreciate your feedback.
I do admit I was a little cavalier at first.
I have accepted my criticism and updated the article and will add more about security.
Thanx a lot!!
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net

Justin Shafer
Posts: 596
Joined: Sat Jul 28, 2007 7:34 pm
Location: Fort Worth, TX.

Re: Open Dental on the Cloud using Amazon Server AWS

Post by Justin Shafer » Tue Jul 16, 2019 1:38 am

Holy smoke.. great thread. I heard that BreakAway had the patient wifi able to talk to the main office network... tested a client who still had a breakaway setup, I couldn't ping the ip of the server... all I got.

mafiaxxx
Posts: 26
Joined: Sat Jul 22, 2017 9:55 am

Re: Open Dental on the Cloud using Amazon Server AWS

Post by mafiaxxx » Thu Jul 18, 2019 6:48 pm

Check out this awesome video on cloud security:
https://onlinexperiences.com/scripts/Se ... 3500249712
Short Circuited Computer Services
Medical and Dental Computer Techs.
http://www.shortcircuited.net
