securing sensitive user data, healthcare SaaS

383 views

I'm developing a SaaS in healthcare. Users are trusting my SaaS with their very private medical information.

I expect my platform (LAMP based) to be breached sooner or later and I'm looking for ways to minimize data leakage.

Currently I have
- user passwords hashed and salted
- user real names and phone numbers are in plain text
- user private medical data in plain text

I'm looking for some pointers where to look about this subject. All comments are appreciated!

2

There are 2 answers

1
tawman On

It sounds like you are in over your head and the expectation of a security breach is unacceptable. Head over to US HHS Web Site - Health Information Privacy and start reading up on data management requirements in the US at least.

0
Oleksi On

There are a few problems with what you've listed so far.

First, you probably need to do more than just salt and hash your passwords. You should be using an adaptive hashing algorithm like bcrypt. Normally hashes are designed to be very fast, which isn't a very secure property because it enables brute-force attacks. Things like bcrypt are designed to be much slower to prevent these attacks (but still be fast enough to not cause performance problems).

Next, you cannot store medical data in plain-text. Many healthcare institutions won't even consider using your software unless all data "at rest" is encrypted. This means that you need to store all your data in an encrypted form. This obviously applies to sending data as well.

For more information check out HIPAA, which talks about what you can, can't, and shouldn't be doing with healthcare data. Meeting HIPAA requirements will almost certainly be a requirement if you want to sell this software anywhere.

On a more personal note, you should consider following the Healthcare Industry stack exchange proposal. It would be a good place to ask questions like this, with a lot of experts working in Health IT to help.
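The two concrete points in Oleksi's answer (adaptive password hashing, encryption of stored medical fields) can both be done with functions that ship in PHP, which fits the LAMP stack in the question. The block below is an added example written for this page; it is not code from the question or from either answer. It assumes PHP 7.2 or later (libsodium is bundled from that version), a bcrypt cost of 12 (a starting value, not a recommendation for any specific hardware), and an environment variable named `MEDICAL_DATA_KEY` that holds a hex-encoded 32-byte key; the name, the cost and the sample record are all constructed for the demo.

```php
<?php
// Added example (not from the question or either answer): bcrypt via
// password_hash() for credentials, and libsodium secretbox (authenticated
// encryption) for medical fields stored "at rest". Requires PHP >= 7.2.

declare(strict_types=1);

// --- Passwords: adaptive hashing with bcrypt ------------------------------

// Assumed cost; raise it until one hash takes a noticeable fraction of a
// second on the production hardware.
const BCRYPT_COST = 12;

function hashPassword(string $password): string
{
    // password_hash() generates a random salt and embeds salt, algorithm id
    // and cost in the returned string, so nothing else needs storing.
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

function verifyPassword(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// Call after a successful login so older, cheaper hashes are upgraded in place.
function passwordNeedsUpgrade(string $storedHash): bool
{
    return password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// --- Medical fields: authenticated encryption at rest ----------------------

// The key must not live in the same database as the ciphertext. Here it is
// read from an environment variable (MEDICAL_DATA_KEY is an assumed name),
// so a dump of the MySQL tables alone does not reveal it.
function loadDataKey(): string
{
    $hex = getenv('MEDICAL_DATA_KEY');
    if ($hex === false) {
        throw new RuntimeException('MEDICAL_DATA_KEY is not set');
    }
    $key = sodium_hex2bin($hex);
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('MEDICAL_DATA_KEY must be 32 bytes (64 hex chars)');
    }
    return $key;
}

// Returns base64(nonce || ciphertext), suitable for a VARBINARY or TEXT column.
function encryptField(string $plaintext, string $key): string
{
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per value
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $cipher);
}

function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('stored value is malformed');
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        // Authentication tag mismatch: wrong key or a modified row.
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// --- Demo with constructed data -------------------------------------------

// Generate the key once (e.g. `php -r 'echo bin2hex(random_bytes(32));'`) and
// place it in the web server's environment; this demo sets it for this run only.
putenv('MEDICAL_DATA_KEY=' . bin2hex(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES)));
$key = loadDataKey();

$hash = hashPassword('correct horse battery staple');
var_dump(verifyPassword('correct horse battery staple', $hash));
var_dump(verifyPassword('wrong password', $hash));
var_dump(passwordNeedsUpgrade($hash));

$record = [ // constructed sample row; only ciphertext reaches the database
    'name'      => encryptField('Jane Doe', $key),
    'phone'     => encryptField('+1-555-0100', $key),
    'diagnosis' => encryptField('Type 2 diabetes', $key),
];
echo decryptField($record['diagnosis'], $key), PHP_EOL;

sodium_memzero($key);
```

Two points worth noting about the design. Secretbox is authenticated encryption, so `decryptField()` refuses a row that was altered in the database rather than returning garbage, and the per-value random nonce means identical diagnoses do not produce identical ciphertext. This is application-level encryption, separate from disk or MySQL-level encryption, and it does nothing for data in transit; the "sending data" part of the answer still needs TLS on the Apache side.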