By Gil Vidals, HIPAA Blog, Resources

What is an electronic database?

An electronic database is essentially a storage unit that collects, stores, and organizes information.

Data stored in a database may include names, phone numbers, and addresses. Any information that an organization or individual deems significant or important can be stored in a database.

One particularly sensitive form of information that resides in electronic databases is protected health information (PHI). Protected health information is any health information linked to a specific individual and used by healthcare professionals to identify that individual and ensure they receive proper care.

Sensitive Information at Risk

With this in mind, IT administrators should be aware that the creation of new databases in an organization’s system can pose potential risks to the system’s security.

For starters, default or predefined user accounts are provided when a database is created or installed. System administrators who do not immediately configure the predefined user accounts and change their default passwords leave the database susceptible to unauthenticated logins and database attacks.

A database breach involving PHI presents particularly high-severity risks for the organization and the individuals affected. If an unauthenticated login into an organization’s system is successful, confidential information may be exposed, and any extraction of personal information may result not only in identity theft but also in HIPAA compliance violations.

Valuable data and information that is stored in that database may be extracted, compromised, and even held for ransom. Removing default user logins can be a key way to help prevent these unauthenticated logins and security breaches.
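
One way to check for the leftover predefined accounts described above is to audit an export of the database's account catalog. The script below is an added example, not code from the original article; the CSV column names, the sample rows, and the list of predefined account names are assumptions to adapt to the database engine in use.

```python
import csv
import io
from datetime import datetime

# Account names that database engines commonly create at install time.
# Assumption: adjust this set to the engines you actually run.
PREDEFINED = {"root", "postgres", "sa", "sys", "system", "admin", "guest", ""}

# Constructed sample: CSV export of a database's account catalog.
# The column names are hypothetical, not those of any specific engine.
SAMPLE_EXPORT = """\
account,created,password_changed,locked,has_password
root,2024-01-10T09:00:00,2024-01-10T09:00:00,no,yes
sa,2024-01-10T09:00:00,2024-01-10T09:00:00,yes,yes
,2024-01-10T09:00:00,2024-01-10T09:00:00,no,no
postgres,2024-01-10T09:00:00,2024-02-01T14:30:00,no,yes
ehr_app,2024-01-12T11:00:00,2024-01-12T11:00:00,no,yes
"""


def audit_accounts(export_text):
    """Map each enabled predefined account to the reasons it needs review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["account"].strip().lower()
        if name not in PREDEFINED:
            continue  # created by the site, not by the installer
        if row["locked"].strip().lower() == "yes":
            continue  # disabled, so it cannot be used to log in
        reasons = ["predefined account is still enabled"]
        if row["has_password"].strip().lower() != "yes":
            reasons.append("no password set")
        elif (datetime.fromisoformat(row["password_changed"])
              <= datetime.fromisoformat(row["created"])):
            reasons.append("password unchanged since install")
        findings[name or "<anonymous>"] = reasons
    return findings


if __name__ == "__main__":
    for account, reasons in audit_accounts(SAMPLE_EXPORT).items():
        print(f"{account}: {'; '.join(reasons)}")
```

Accounts reported with only the first reason have had their password changed but remain enabled; whether to lock or remove them depends on whether anything still relies on them.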

In addition, any default paths that can be changed should be changed, including those of WordPress, Joomla, and others.