www.crystalpm.com 2013
Abeo Solution, Inc. (800) 308 – 7169 11118 Conchos Trail, Austin, TX 78726 Page 1
Crystal Practice Management – Encrypting the Database
Contents
Overview
Level of Encryption
Why encrypt your Crystal Practice Management data?
How to encrypt the database
Which option to choose for data encryption?
Encrypting the entire drive
BitLocker
TrueCrypt
Encrypting the data folder
Encrypt a backup drive
Overview
Crystal Practice Management stores all patient and administration information within a MySQL database. All non-Crystal PM patient information [referral letters, paper medical records, x-rays, 3rd party applications, etc.] can be attached to a patient's chart, which is then stored with the MySQL database.
Level of Encryption
If this document is followed properly, the level of encryption will be set to AES SHA-512 or AES RIPEMD-160, depending on the encryption configuration.
Why encrypt your Crystal Practice Management data?
Due to changes in HIPAA, if patient data is unencrypted and the computer and/or hard-drive is stolen, then you are required to inform all of your patients that their personal information is now at risk. If a security breach is committed, intentionally or accidentally, penalties can be assessed. [Maximum fine for a serious violation is $50,000 per single violation, with a $1.5 Million maximum total per year, and possible prison sentences up to 10 years]. A security breach also includes all unencrypted backups of the data.
How to encrypt the database
While this guide gives step-by-step instructions on how to encrypt your Crystal Practice Management data, it is recommended that only System Administrators attempt this process.
Create a backup of the MySQL data.
You have 2 choices for encryption software: BitLocker and TrueCrypt.
With whichever software you decide to use, there are 2 different ways to encrypt the data:
1) Encrypt the entire drive
2) Encrypt the MySQL data folder
Which option to choose for data encryption?
We recommend encrypting the entire hard-drive, but at a minimum the data folder. For Windows 8 the only option currently available is to encrypt a data folder.
Things to consider: every time the computer is reset, a password must be entered.
o If the entire hard-drive is encrypted (recommended solution) then the password will have to be entered before the operating system will load [a BIOS level password].
o If just the data folder is encrypted then the operating system will load properly, but the MySQL service will not start until the folder is mounted.
Several offices have their server configured so that it can only be accessed from the network [it does not
have a monitor or keyboard attached, or the server is in a closet, or the server is not easily accessible].
If the server is reset (power goes out, downloaded security update, etc.) then someone must manually
type in the password before the database can be accessed.
If only the data folder is encrypted, then the operating system will load [allow for network remote
access], but MySQL will not load until a user connects, types the password into the TrueCrypt software,
and starts the MySQL database.
Encrypting the entire drive
At the time of writing this document (12/2/2013) Windows 8 does not allow for encrypting of the entire drive; please scroll down to Encrypting the data folder.
Operating Systems which allow for encrypting the entire drive: Windows 7 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows XP (32-bit and 64-bit), Windows Server 2008 R2 (64-bit), Windows Server 2008 (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows 2000 SP4. You can encrypt the drive with either BitLocker or TrueCrypt.
BitLocker
Windows 7 Ultimate and Enterprise editions/Windows 8 Professional and Enterprise editions
http://windows.microsoft.com/en-us/windows7/help-protect-your-files-using-bitlocker-drive-encryption
1) Open BitLocker Drive Encryption by clicking the Start Button, clicking Control Panel, clicking Security, and then clicking BitLocker Drive Encryption.
2) Click Turn On BitLocker. This opens the BitLocker setup wizard. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
3) Follow the instructions in the wizard.
For BitLocker with Windows Server 2008, Windows Vista
http://go.microsoft.com/fwlink/?LinkId=53779
TrueCrypt
1) Download and Install TrueCrypt [available at http://www.truecrypt.org/] - Free open-source disk
encryption software for Windows.
2) Run TrueCrypt
3) Create Volume
4) Encrypt the system partition or entire system drive
5) Type of System Encryption – Normal
6) Area to Encrypt – Encrypt the whole drive
7) Encrypt Host Protected Area - No
8) Number of Operating Systems – depends on server configuration [Typically Single-boot]
9) Encryption Options – AES RIPEMD-160
10) Volume Password -- (do not forget!!) No one can recover a missing password, and the data will
be lost if you forget the password
11) Collecting Random Data
12) Keys Generated
13) Create Rescue Disk
14) Burn the iso image to a CD and verify the Rescue Disk
15) Wipe Mode – suggested 3-pass or higher
16) System Encryption Pretest – will require a reboot of the computer
17) Pretest Complete
18) Encrypting the drive can take several hours to several days depending on size of drive, speed of
drive, and wipe mode.
Once the drive has been encrypted, all data stored on this drive is secure, and a password must be entered after every restart of the computer.
Encrypting the data folder
Within TrueCrypt, make sure that TrueCrypt was started with Administrator privileges turned on or that the current user has administrative privileges. There are 3 steps to this: Creating a Folder, Mounting a Drive, and Moving over the MySQL data.
1 Creating a Folder
1.1 Create an encrypted file volume
1.2 Create an encrypted file container
1.3 Volume Type - Standard TrueCrypt volume
1.4 Select File c:\cpmdata
1.5 Encryption Options - AES, SHA-512
1.6 Volume Size - depends on the number of files being scanned: for a typical office 50 GB; for a multi-site office that scans for every patient, 500 GB may be required. [To determine your current database requirements, right click on the easyopti folder and select Properties; it will tell you the current Size On Disk. Depending on how long you have been using Crystal, add 50%-500% to the size of the Container.]
1.7 Volume Password -- (do not forget!!) No one can recover a missing password, and the data will
be lost if you forget the password.
1.8 Large Files – No, by default Crystal PM limits the files to 3.5 GB
1.9 Volume Format – FAT or NTFS, Cluster: Default
1.10 Format
2 Mount the Drive
2.1 Select an available drive, and Select the File [S: Drive, c:\cpmdata]
2.2 Enter the password and mount the drive
3 Moving over the MySQL data
3.1 Stop MySQL [run: net stop mysql]
3.2 Move the data folder to the new drive [S: drive]
Typically C:\Program Files\MySQL\data
Or C:\Program Files (x86)\MySQL\data
Move both the mysql and easyopti folders
3.3 Modify the my.ini [located in C:\Windows\my.ini]
Change the line
"datadir=C:/Program Files/MySQL/data/" or "datadir=C:/Program Files (x86)/MySQL/data/"
To
"datadir=S:/" where S is the drive letter
3.4 Start the database [run: net start mysql]
3.5 Every time the server is reset a user will need to log in to the server, load the TrueCrypt software, mount the drive, and then start the MySQL database [run: net start mysql]
Additional Steps: Each time the Computer is rebooted you will need to run TrueCrypt [and enter the
password] before starting the database.
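The checks behind step 3.5, as an added PowerShell example that is not part of the original guide or of Crystal PM: before starting MySQL after a reboot it confirms that my.ini points at the TrueCrypt drive, that the volume is mounted and holds both database folders, and that no unencrypted copy was left at the old data location. The S: drive letter, the C:\Windows\my.ini path and the mysql service name are taken from the steps above and are assumptions about your server.

```powershell
# Added example, not Crystal PM code. Values are assumptions taken from the steps above.
$MyIni       = 'C:\Windows\my.ini'
$Drive       = 'S:'
$ServiceName = 'mysql'
$DataFolders = 'mysql', 'easyopti'
$OldDataDirs = 'C:\Program Files\MySQL\data', 'C:\Program Files (x86)\MySQL\data'

function Get-DataDir {
    param([string]$Path)
    # Value of the first uncommented datadir= line, surrounding quotes removed.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*datadir\s*=\s*"?([^"]+?)"?\s*$') { return $Matches[1] }
    }
    return $null
}

$problems = @()
# 1. my.ini must point MySQL at the mounted TrueCrypt drive (step 3.3).
$dataDir = Get-DataDir -Path $MyIni
if (-not $dataDir) {
    $problems += "No datadir line found in $MyIni"
} elseif ($dataDir.TrimEnd('/', '\') -ne $Drive) {
    $problems += "datadir is '$dataDir', expected '$Drive/'"
}

# 2. The volume must be mounted and hold both database folders (steps 2 and 3.2).
foreach ($folder in $DataFolders) {
    if (-not (Test-Path -LiteralPath "$Drive\$folder" -PathType Container)) {
        $problems += "$Drive\$folder not found; mount the TrueCrypt volume first"
    }
}

# 3. Moving the data must not have left an unencrypted copy behind.
foreach ($old in $OldDataDirs) {
    foreach ($folder in $DataFolders) {
        if (Test-Path -LiteralPath "$old\$folder") {
            $problems += "Unencrypted copy still present: $old\$folder"
        }
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}

# All checks passed: start the database as in step 3.4.
net start $ServiceName
```

Run it from an elevated PowerShell prompt after mounting c:\cpmdata in TrueCrypt, since starting the service requires administrative privileges.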
Encrypt a backup drive
1) Run the TrueCrypt software
2) Create Volume
3) Encrypt a non-system partition/drive
4) Standard TrueCrypt volume
5) Select Device, and select the Removable Disk
6) Volume Creation Mode – Create encrypted volume and format it
7) Encryption Options - AES, SHA-512
8) Volume Size - Next
9) Volume Password -- (do not forget!!) No one can recover a missing password, and the data will be
lost if you forget the password.
10) Volume Format
11) Mount this hard-drive to new Drive Letter [Z:\]
12) Modify the Backup.bat file, found either on the desktop or in the c:\program files (x86)\CrystalPM folder
Right click on the file and select Edit
13) Change the new backup location to the mounted folder [Z:]