GRAEF (OP) - Joined: Sep 2013, Posts: 29
With all the security and regulatory considerations coming down, fully encrypting your dbase and ePHI is a big concern of ours. After talking with AC Support for a while this morning, they stated that drive and server encryption is possible and they have confirmed that Amazing Charts does not seem to have any problems working with an open-source encryption tool called "TrueCrypt"; however, nobody knew if the same was true for using a popular Microsoft product such as BitLocker.

My questions then, are:
1. Has anyone successfully encrypted their entire AC server using a tool like BitLocker or TrueCrypt?
2. How did you do it and what problems did you run into?
3. Did you encrypt the ENTIRE server or just the parts that would touch or contain AC and ePHI material; did you leave the system software itself like Windows Server alone?
4. How did encrypting your machine affect any automated backup routines run on your AC server dbase?
5. If you encrypt the entire drive wouldn't that also encrypt your backups, too?
6. And if you have encrypted backups, how would you restore your server from an encrypted AC backup in the course of some terrible event?

Our server is here with us on site. It is not in some far off data center miles away.

TrueCrypt

BitLocker

Bert - Joined: Sep 2003, Posts: 12,897, Likes: 34
When things are encrypted, it is generally assumed that a restore will unencrypt the backup. Or it is password protected. AC automatically encrypts the backup.


Bert
Pediatrics
Brewer, Maine

Bert - Joined: Sep 2003, Posts: 12,897, Likes: 34
If you truly want to do server encryption, then you are likely going to want SEDs or Self-encrypting drives. If you are using RAID, then you will have to use SEDs. While SEDs are pricey, the special RAID controllers are even pricier.

You can try to use Jetico or TrueCrypt, but you are better off hiring an independent security consultant to get the info. Once you have SEDs and special RAID controllers, you will need 3rd party software. Attached is a PDF from LSI.

http://www.lsi.com/products/raid-controllers/pages/megaraid-safestore-software.aspx


Bert
Pediatrics
Brewer, Maine

Wendell - Joined: Nov 2005, Posts: 2,367, Likes: 2
I believe I set up my server with BitLocker enabled. It is standard in Server 2008 R2 and above, along with Win 8 Pro (and above) and Win 7 Ultimate and Enterprise.

I will check and let you know, but don't think there should be a problem. Odd that AC doesn't know that answer.


Wendell
Pediatrician in Chicago

The patient's expectation is that you have all the answers, sometimes they just don't like the answer you have for them
Wendell - Joined: Nov 2005, Posts: 2,367, Likes: 2
Turns out, it is not BitLocker enabled.

Used my backup (my home server at home, which has the same basis as Small Business Server Essentials 2011) to enable BitLocker only to find out that it requires a motherboard that has TPM (Trusted Platform Module) enabled, or use a separate USB (which would defeat the purpose if it were stolen, because it would have to be attached for any restarts).

I don't know about the motherboard of my server (in one office) or of the prime machine on my P2P system (another WHS box) in regard to a TPM module.

I'll need to investigate more. Interesting development.....


Wendell
Pediatrician in Chicago

The patient's expectation is that you have all the answers, sometimes they just don't like the answer you have for them
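The TPM requirement Wendell ran into, as an added PowerShell example that is not from this thread, from Amazing Charts, or from Microsoft's documentation. It assumes an elevated shell on Windows Server 2012 R2 / Windows 8.1 or newer (the BitLocker and TrustedPlatformModule cmdlets; Server 2008 R2 only ships manage-bde.exe), and that the recovery password printed at the end gets copied somewhere other than the server itself. XtsAes256 needs Windows 10 / Server 2016 or newer; use Aes256 on older builds. The E: path for the startup key is an assumption. On Windows Server the BitLocker component is an installable feature, which the script checks for first.

```powershell
# Added example (not from the thread): check for a usable TPM and turn on
# BitLocker for the OS volume, falling back to a USB startup key only when
# policy is changed to allow it. Run elevated.

# On Windows Server, BitLocker is a feature that must be installed (and the
# machine rebooted) before the cmdlets work. ProductType 1 = workstation SKU.
$isServer = (Get-CimInstance Win32_OperatingSystem).ProductType -ne 1
if ($isServer -and -not (Get-WindowsFeature BitLocker).Installed) {
    Install-WindowsFeature BitLocker -IncludeManagementTools | Out-Null
    Write-Warning 'BitLocker feature installed; reboot and run this script again.'
    return
}

$osDrive = $env:SystemDrive
$tpm = Get-Tpm    # TpmPresent / TpmReady decide whether a TPM protector is possible

# Escrow a 48-digit recovery password BEFORE sealing anything to hardware, so
# a failed TPM clear, firmware update or board swap never leaves the server
# unbootable with no way in.
Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector | Out-Null

if ($tpm.TpmPresent -and $tpm.TpmReady) {
    # Volume key sealed to the TPM: the server boots unattended (automatic
    # updates and reboots keep working), while a drive pulled from the chassis
    # is unreadable without the board it was sealed to.
    Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 `
        -TpmProtector -UsedSpaceOnly -SkipHardwareTest
}
else {
    # No TPM: Enable-BitLocker refuses a startup key unless policy permits it.
    # These are the registry values behind the GPO "Require additional
    # authentication at startup" -> "Allow BitLocker without a compatible TPM".
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    New-Item -Path $fve -Force | Out-Null
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name EnableBDEWithNoTPM -Value 1 -Type DWord

    # Startup key written to removable media (assumed mounted as E:). Caveat
    # raised in the thread: that stick has to be present at every boot, so it
    # must not live in the server's USB port where a thief gets it for free.
    Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 `
        -StartupKeyProtector -StartupKeyPath 'E:\' -UsedSpaceOnly -SkipHardwareTest
}

# Show the recovery password once so it can be stored off the server;
# encryption continues in the background and can be watched with
# Get-BitLockerVolume -MountPoint $osDrive (VolumeStatus / EncryptionPercentage).
(Get-BitLockerVolume -MountPoint $osDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword
```

`-UsedSpaceOnly` is fine for a freshly built server; on a drive that has already held ePHI, drop it so previously deleted data in free space is encrypted too.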
Bert - Joined: Sep 2003, Posts: 12,897, Likes: 34
If you want to go the right way, you will need SEDs. There are probably other ways. I can get you the web site, but if you BING Self Encrypting Drives, you will get your answer.

You have to be very careful encrypting data on your server. And, when you look at it, encrypting data while running isn't nearly as helpful as when the drives are off. For instance, Cryptolocker would not be affected by encryption, as the server would still look at all files as .docx, .pdf, etc. and Cryptolocker would encrypt those.

This is one of those things where allowing the experts to help you will cost no more than DIY. If you are going to need SED with RAID, and you are going to have to buy them somewhere, why not go to that company and get the scoop. It's a great idea. Just need to do it correctly.


Bert
Pediatrics
Brewer, Maine

JamesNT - Joined: Dec 2009, Posts: 1,202, Likes: 8
A few points:

1. Encrypting the server drives using SEDs is inadequate, as that covers the server only and not all the PHI residing on the workstations. Using TrueCrypt or BitLocker can get all Windows computers in the domain. I recommend BitLocker because you can centrally manage it on the domain controller. Do keep in mind that for versions of Windows before Vista and for non-Windows computers in the domain, a third party solution will need to be considered.

2. It is quite correct that if no TPM chip is available, then with BitLocker the decryption key will need to be printed out or stored on a USB drive. While this is not ideal, it can work. The person in charge of the encryption will need to be most diligent. If the USB chip is stolen or lost, then the idea is to assume a breach in security has occurred.

3. The encryption we have discussed thus far (SED, TrueCrypt, Bitlocker) does not affect backups. Backups from computers encrypted in such a way are unencrypted.

Each encryption method has its strengths and weaknesses that will need to be considered.

JamesNT


James Summerlin
My personal site: http://www.dataintegrationsolutions.net
james@dataintegrationsolutions.net
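The "centrally manage it on the domain controller" point, as an added PowerShell example that is not from this thread or from any of its posters. Part 1 runs once on a domain controller or an admin workstation with the GroupPolicy and ActiveDirectory modules (RSAT); part 2 runs on a member machine that already has BitLocker on its OS drive; part 3 runs back on the DC. The GPO name and the OU path are assumptions. The FVE registry values are the ones the "Choose how BitLocker-protected operating system drives can be recovered" policy writes, and the msFVE-RecoveryInformation objects are the schema that Server 2008 and later domains already carry.

```powershell
# Added example (not from the thread): escrow every BitLocker recovery
# password into Active Directory via Group Policy, then verify it landed.

# ---- Part 1: on a DC / RSAT workstation -----------------------------------
$gpoName  = 'BitLocker - Recovery Escrow'                 # assumed name
$targetOU = 'OU=Clinic Computers,DC=example,DC=local'     # assumed OU
$fveKey   = 'HKLM\SOFTWARE\Policies\Microsoft\FVE'

if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName | Out-Null
}

# OS drives: allow 48-digit recovery passwords and recovery keys, store them
# in AD DS (passwords plus key packages), and refuse to start encryption on
# a machine until that backup has succeeded. 2 = allow, 1 = require.
$policy = @{
    OSRecovery                     = 1
    OSRecoveryPassword             = 2
    OSRecoveryKey                  = 2
    OSActiveDirectoryBackup        = 1
    OSActiveDirectoryInfoToStore   = 1
    OSRequireActiveDirectoryBackup = 1
}
foreach ($name in $policy.Keys) {
    Set-GPRegistryValue -Name $gpoName -Key $fveKey -ValueName $name `
        -Type DWord -Value $policy[$name] | Out-Null
}
New-GPLink -Name $gpoName -Target $targetOU -ErrorAction SilentlyContinue | Out-Null

# ---- Part 2: on a member server/workstation, after gpupdate /force --------
# Protectors added after the policy applies are escrowed automatically; a
# volume encrypted before the policy existed needs an explicit push.
$osDrive = $env:SystemDrive
$vol = Get-BitLockerVolume -MountPoint $osDrive
foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Backup-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $kp.KeyProtectorId
}

# ---- Part 3: back on the DC, confirm the escrow for a given computer ------
$computer = Get-ADComputer -Identity 'ACSERVER'          # assumed computer name
Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
    -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
    -Properties 'msFVE-RecoveryPassword', whenCreated |
    Select-Object Name, whenCreated, 'msFVE-RecoveryPassword'
```

Restrict read access to those msFVE-RecoveryInformation objects: whoever can read them can unlock any escrowed drive, so they are effectively the practice's master key list.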
Bert - Joined: Sep 2003, Posts: 12,897, Likes: 34
Not sure about the backups. All mine are encrypted. James has some good points, but I'm not sure I would just go with a free solution like BitLocker.

If you keep PHI on your clients, then you deserve to pay HIPAA the penalties. That is what a server is for. smile


Bert
Pediatrics
Brewer, Maine

Bert - Joined: Sep 2003, Posts: 12,897, Likes: 34
You may also wish to look at Jetico. At least you can talk with support there.


Bert
Pediatrics
Brewer, Maine

JamesNT - Joined: Dec 2009, Posts: 1,202, Likes: 8
Bert,

Even those with a server have PHI on their workstations. Consider the following:

* Users who create Office documents and store them in their My Documents folder. Even with Folder Redirection turned on, the client computer keeps a local copy of the user's documents in the user's profile. This is how users can take their documents "offline" (think people that have laptops and travel a lot). Windows even provides nifty configurations for things like Slow Link Detection for those users who are connecting to the network via VPN, dial-up, or branch cache.

* Outlook *.pst file is stored in the user's local profile.

* Browser cache which may contain cookies with saved passwords to medical websites or other valuable information. Users of Chrome were once very vulnerable to this problem.

It simply isn't feasible to enforce the idea that no client will have PHI.

Out of all the encryption methods mentioned thus far, BitLocker would be the one I would go with. The ability to centrally manage its deployment alone is worth it.

JamesNT


James Summerlin
My personal site: http://www.dataintegrationsolutions.net
james@dataintegrationsolutions.net
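A way to check James's claim on your own workstations, as an added PowerShell example that is not from this thread or from Amazing Charts. It inventories the local copies he lists (Offline Files cache, Outlook data files, local Documents/Desktop/Downloads, browser profiles) and reports whether the system drive is BitLocker-protected. The folder paths are the Windows defaults; the list of document extensions is an assumption. Run elevated so every profile under C:\Users is readable.

```powershell
# Added example (not from the thread): audit a workstation for local ePHI
# residue and for BitLocker protection of the drive it sits on.

function Get-LocalPhiResidue {
    param([string]$ProfileRoot = "$env:SystemDrive\Users")

    $docTypes = '*.doc', '*.docx', '*.xls', '*.xlsx', '*.pdf', '*.rtf'   # assumed list
    $browsers = @{
        Chrome  = 'AppData\Local\Google\Chrome\User Data'
        Edge    = 'AppData\Local\Microsoft\Edge\User Data'
        Firefox = 'AppData\Roaming\Mozilla\Firefox\Profiles'
    }
    $findings = New-Object System.Collections.Generic.List[object]
    $add = {
        param($user, $kind, $path, $mb)
        $findings.Add([pscustomobject]@{ User = $user; Kind = $kind; Path = $path; MB = $mb })
    }

    foreach ($userDir in Get-ChildItem $ProfileRoot -Directory -ErrorAction SilentlyContinue) {
        $root = $userDir.FullName

        # Outlook data files (.ost/.pst): mail and attachments cached locally
        foreach ($dir in "$root\AppData\Local\Microsoft\Outlook", "$root\Documents\Outlook Files") {
            Get-ChildItem $dir -Include *.pst, *.ost -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object { & $add $userDir.Name 'Outlook data' $_.FullName ([math]::Round($_.Length / 1MB, 1)) }
        }

        # Documents/Desktop/Downloads: with Folder Redirection + Offline Files
        # these are local copies of what the user thinks lives on the server
        foreach ($folder in 'Documents', 'Desktop', 'Downloads') {
            Get-ChildItem "$root\$folder" -Include $docTypes -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object { & $add $userDir.Name "Local $folder" $_.FullName ([math]::Round($_.Length / 1MB, 1)) }
        }

        # Browser profiles: cookies, saved logins and cache for portal sites
        foreach ($b in $browsers.GetEnumerator()) {
            $p = Join-Path $root $b.Value
            if (Test-Path $p) { & $add $userDir.Name "$($b.Key) profile" $p $null }
        }
    }

    # The Offline Files cache itself: a second copy of every redirected file
    $csc = "$env:SystemRoot\CSC"
    if (Test-Path $csc) { & $add '(system)' 'Offline Files cache' $csc $null }

    return $findings
}

function Get-SystemDriveEncryption {
    $v = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    [pscustomobject]@{
        Drive      = $v.MountPoint
        Protection = $v.ProtectionStatus   # On / Off
        Volume     = $v.VolumeStatus       # FullyEncrypted, EncryptionInProgress, FullyDecrypted
        Method     = $v.EncryptionMethod
    }
}

$residue = @(Get-LocalPhiResidue)
$residue | Sort-Object User, Kind | Format-Table -AutoSize
$enc = Get-SystemDriveEncryption
$enc
if ($residue.Count -gt 0 -and $enc.Protection -ne 'On') {
    Write-Warning "Local copies of user data found and $($enc.Drive) is not BitLocker-protected."
}
```

Run it across the domain with `Invoke-Command -ComputerName` and the list of machines that report findings but no protection is the rollout order for BitLocker.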
Wendell - Joined: Nov 2005, Posts: 2,367, Likes: 2
The issue IMO though, is if you are using a USB key, it must remain in the computer or the computer cannot be auto-updated (with restart).

While I am not a big fan of auto-updating, I have my servers set that way because I ignore them for weeks to months at a time, and they need updating. Any auto-restart would lock up the server without the key.

If the key were present, then there is functionally no encryption if the computer were stolen, so what's the advantage?


Wendell
Pediatrician in Chicago

The patient's expectation is that you have all the answers, sometimes they just don't like the answer you have for them
JamesNT - Joined: Dec 2009, Posts: 1,202, Likes: 8
Wendell,

The issue is that you have two choices: Remain ever diligent with the USB key or upgrade to a system with a TPM chip.

Your options aren't much better with TrueCrypt.

JamesNT


James Summerlin
My personal site: http://www.dataintegrationsolutions.net
james@dataintegrationsolutions.net
Tom Duncan - Joined: Mar 2011, Posts: 837, Likes: 10
I despair of ever satisfying the requirements of HIPAA.

1. Even NSA can't keep things from leaking out
2. No matter how much money I spend on consultants and hardware, it will never be enough.
3. It would be easy for IT issues to completely consume the entire budget of my practice -- and take all the time. Seeing patients has almost become a byproduct of Information Technology activity.
4. There is NOTHING in the fee structure of insurance companies and government to pay for IT. NOTHING!! It costs far more than paper charts, and the cost goes up all the time as new requirements are added, and the fee schedules were set in the paper days. And I don't see them increasing -- mostly, they are the same or down.
5. No one can tell me that "increased efficiency" is paying for this. At least, it doesn't work for me, though there are certain aspects of EMR that I appreciate.
6. And this is with AmazingCharts --- which for now is affordable and manageable by ordinary citizens without special IT training.


Tom Duncan
Family Practice
Astoria OR
Leslie - Joined: Feb 2005, Posts: 2,002
In Indiana, just wait until you die. Then all of your preciously guarded health facts can be learned by anyone who cares enough to read your death certificate. HIPAA does not outlast death.


Leslie
Hospital Employed Physician Who Misses The Old AC

"It's a good thing for a doctor to have prematurely grey hair and itching piles. It makes him appear to know more than he does and gives him an expression of concern which the patient interprets as being on his behalf. "
Sandeep - Joined: Apr 2011, Posts: 2,316, Likes: 2
BitLocker with TPM really is the best choice. Lots of other encryption methods require you to authenticate before the Operating Systems starts so that would make remote access very difficult if you had to restart.

You can use BitLocker-To-Go on the backup drives. That would encrypt the backups.
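Sandeep's BitLocker To Go suggestion, as an added PowerShell example that is not from this thread or from Amazing Charts. It also answers James's point 3 (backups written from an encrypted volume come out as plaintext) and the OP's questions 4 to 6. Assumptions: the backup drive is E:, the OS drive is already BitLocker-protected (auto-unlock requires that), the AC backup files live under D:\AmazingCharts\Backup, and the BitLocker cmdlets are available (Windows 8.1 / Server 2012 R2 or newer, elevated shell).

```powershell
# Added example (not from the thread): encrypt the removable backup target with
# BitLocker To Go, keep unattended nightly backups working across reboots, and
# refuse to write ePHI to a target that is not protected and unlocked.

$backupDrive = 'E:'                                  # assumed
$sourceFiles = 'D:\AmazingCharts\Backup\*.bak'       # assumed

$vol = Get-BitLockerVolume -MountPoint $backupDrive
if ($vol.ProtectionStatus -ne 'On') {
    # Password protector: any machine with the password can read the drive,
    # which is the restore path on replacement hardware after a fire or theft.
    $pw = Read-Host -AsSecureString 'BitLocker To Go password for backup drive'
    Enable-BitLocker -MountPoint $backupDrive -EncryptionMethod XtsAes256 `
        -PasswordProtector -Password $pw -UsedSpaceOnly

    # Recovery password: the break-glass copy; print it and store it off site.
    Add-BitLockerKeyProtector -MountPoint $backupDrive -RecoveryPasswordProtector |
        Select-Object -ExpandProperty KeyProtector | Select-Object RecoveryPassword

    # Auto-unlock: an external-key protector sealed under this server's own
    # OS-volume key, so a scheduled task after an automatic restart finds the
    # drive unlocked without anyone typing anything. Plugged into any other
    # machine the drive stays locked until the password is supplied.
    Enable-BitLockerAutoUnlock -MountPoint $backupDrive
}

# Guard for the top of the nightly job: encrypted AND unlocked, or abort.
function Test-BackupTargetReady {
    param([string]$MountPoint)
    $v = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    return ($v.ProtectionStatus -eq 'On' -and $v.LockStatus -eq 'Unlocked')
}

if (Test-BackupTargetReady $backupDrive) {
    New-Item -ItemType Directory -Path "$backupDrive\ACBackup" -Force | Out-Null
    Copy-Item $sourceFiles "$backupDrive\ACBackup\" -Force
}
else {
    throw "Backup target $backupDrive is not BitLocker-protected and unlocked; aborting backup."
}

# Restore on a different machine (question 6): plug the drive in, unlock it
# with the password, or with the recovery password if that was forgotten,
# then copy the .bak files back and run the usual AC restore.
#   Unlock-BitLocker -MountPoint E: -Password (Read-Host -AsSecureString 'Password')
#   Unlock-BitLocker -MountPoint E: -RecoveryPassword '123456-123456-...'
```

Rotate two or three such drives so one is always off site; each needs its own password and recovery password, and the auto-unlock step has to be run once per drive on the backup server.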

Lynn - Joined: Aug 2005, Posts: 69
I haven't heard, reading through these posts, whether any user HAS or HASN'T succeeded using BitLocker (or TrueCrypt, which has now gone off the air) to encrypt the server upon which the database resides?

We're using just simple desktop computers as servers for AC.

Thinking of paying IT to encrypt the server hard drives.

Thanks

Lynn
Sandeep - Joined: Apr 2011, Posts: 2,316, Likes: 2
Yes, we use BitLocker with TPM on all of our medical servers. Standard issue. Works well with minimal performance impact.

The issue with most other disk encryption software is that they are meant for standalone computers. Microsoft was thinking ahead with the TPM in that regard so you didn't have to enter a password every time your computer rebooted. That could be a bit difficult remotely.

Bert - Joined: Sep 2003, Posts: 12,897, Likes: 34
You can debate which is best, but my thought is when you are dealing with computers, ESPECIALLY, a server, using a Microsoft product means it will be supported fully by Microsoft. If you use something like TrueCrypt, they may not.

Sandeep, correct me if I am wrong.


Bert
Pediatrics
Brewer, Maine

Lynn - Joined: Aug 2005, Posts: 69
Thanks guys - BitLocker it is.


Lynn
Sandeep - Joined: Apr 2011, Posts: 2,316, Likes: 2
Bert is right. Especially with something that makes it near impossible to recover using traditional methods, I would go for the supported method. TrueCrypt was also abandoned by the developers, who say to use BitLocker. It's not really a viable option anymore.

http://truecrypt.sourceforge.net/


Bert - Joined: Sep 2003, Posts: 12,897, Likes: 34
I also read somewhere that Microsoft will not give in to the FBI or the UK as far as having a backdoor entry to the encrypted drive. This was way back though so not sure if it is still the case.


Bert
Pediatrics
Brewer, Maine

Sandeep - Joined: Apr 2011, Posts: 2,316, Likes: 2
I doubt that. Pretty sure they have backdoors in everything nowadays lol. I remember a story from a few researchers who found 2 or 3 DLLs hidden in Windows that had a signature for the NSA.

I wonder if TrueCrypt pulled a Lavabit. Rather than compromise customer information with a backdoor, they chose to shutdown.

