SQL Injection - Threats to Medical Systems: The Issues and Countermeasures

A vast majority of medical information systems use Standard Query Language databases (SQL) as the underlying technology to deliver medical records in a timely and efficient manner. SQL is a standardised and well entrenched database technology, which allows for the development of robust, customised applications for information management. In recent years, SQL has been used as the back-end to many successful web client accessible applications. The use of SQL in this manner has been greatly enhanced through the development of server side scripting languages such as Microsoft ASP and open source systems such as PHP. These allow for the representation and extraction of data from a database and have a range of manipulation and display possibilities allowing a developer a rich tapestry of options. However, these scripting languages have enabled the ability for malicious users to directly modify, manipulate or destroy SQL databases. In addition to those server side scripting language problems there is also malicious software in the form of worms specifically targeting SQL databases.