Turns out there is an awful lot to think about for the development of a stable and secure data management platform. It’s been a steep learning curve but Mythili is very comfortable in this world. I just let her get on with it and sought wiki for the terms I don’t know in an attempt to keep up. For example:
* Penetration testing ‘an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.’
* GDPR – General data protection regulations (agreed protections within European Union member states) endorsing:
- The Right to Information.
- The Right of Access.
- The Right to Rectification.
- The Right to Erasure.
- The Right to Restriction of Processing.
- The Right to Data Portability.
- The Right to Object.
- The Right to Avoid Automated Decision-Making.
With plans for release in the UK, Lymbase was keen to meet the exacting data protection regulations in the GDPR. We commissioned an Australian company (Mercury Information Security Systems) to do an external audit and penetration test with consideration for meeting the standards set by the GDPR and we passed with flying colours!
Here is our report card from the penetration test:
‘Lymbase is an Australian based organisation that has developed a fully featured, secure and streamlined tool for the effective assessment and treatment of lymphoedema. In support of this development, Lymbase is seeking enhanced cyber security awareness and guidance. As a leading cyber security practice, Mercury Information Security Services (Mercury) has been asked to validate Lymbase’s application by means of a penetration test.
Testing activity has focused on examining the authentication and authorisation within the application, as well as attempting to bypass security measures and achieve code injection. Additionally, Mercury has attempted to bypass Access controls within the application.
Key Findings
The Lymbase application is especially well designed and securely developed. This penetration test has not identified any vulnerabilities; however, two security best practice observations have been made and detailed below.
Recommendations
Ongoing Security Activities
Lymbase should incorporate regular self-tests/audits of the environment into their ongoing information security program, especially after any major changes to the application.’
Of course, our commitment to data safety cybersecurity ensures Lymbase will be reviewed and amended forevermore to secure the safety of patient data.