Security

CVADRegistry.com delivers the highest standard of protection. All information regarding your account remains private and is never resold to third parties. All information entered is used for analytical comparison, however personal information connected to this data remains confidential.

• Password Protected - passwords are required to be a minimum of 12 characters with at least 1 number, 1 capital letter, and 1 special character.  When a user is initially added to the application, 2-factor authentication is used.

• 128-bit Encryption is used to encrypt any associated hospital medical record ID, the patient's initials and date of birth.

• Redundant Off-site Archives are used to back up the data.

• Data Verification is required during entry to identify and force correction of any missing or invalid data types.

• OSSEC is a platform to monitor the security of this system. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring, and Security Incident Management (SIM)/Security Information and Event Management (SIEM) together in a simple, powerful, and open source solution.

• Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally, Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Use strong passwords and 2-factor authentication where possible.

• SQL injection has been added to its monitoring and banning capabilities.  

• Firewall rules - multiple rules place to limit 'root' access from only the owner's IP address.  Root is the master user that has permission to make any changes to the operating system and files.