Because the healthcare community relies upon encryption to safeguard e-Protected Health Information (ePHI), vulnerability to the underlying security of any encryption code is potentially devastating.
The Heartbleed computer bug is gaining substantial media coverage recently, and for good reason. Organizations, especially those in healthcare, should pay special attention to risks from the bug. Heartbleed is not a computer virus, but is actually a software defect. The defect went unnoticed for a long period of time, and was unfortunately adopted by many websites.
Discovered by Neel Mehta of Google Security, the Heartbleed bug is based on a fault in functionality in the widely used OpenSSL library. This library is used by security vendors’ products to secure web browsing and even mobile banking applications. For example, if you go to a site like Amazon, you may notice a little lock in the browser section of the bar with the letters “https”– that is a sign that the website uses, and is a part of, the OpenSSL library. When the Heartbleed bug is exploited, the attacker can retrieve memory, up to 64KB from the remote system. Such information may contain usernames, passwords, keys or other useful information that enables bigger attacks.
Continue Reading Healthcare organizations can take steps to mitigate Heartbleed impact