What is the Heartbleed bug?
The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. OpenSSL is an implementation of the SSL/TLS encryption protocol used to protect the privacy of Internet communications between two parties. Many websites and applications, such as email, instant messaging and VPNs, use OpenSSL.
Heartbleed is a flaw in OpenSSL that allows hackers to view passwords and user names. A remote attacker can gain access to a web server that uses OpenSSL and obtain its private encryption key. Using the key, they would then be able to decipher the encrypted traffic to and from the website.
You are not vulnerable if you are:
- Not using OpenSSL
- Using OpenSSL 1.0.0 or earlier
- Using hardware security instead of a software implementation of SSL
- Using OpenSSL compiled without the heartbeat function enabled
To assess if you are impacted, use the following link to test your web server: https://www.ssllabs.com/ssltest/ or contact your web hosting service for assistance.
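A local check of the conditions listed above, as an added example that is not part of the original post: it classifies the output of `openssl version -a`. The affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1) and the `-DOPENSSL_NO_HEARTBEATS` build flag are taken from the OpenSSL advisory rather than from this page, and the sample outputs are constructed.

```shell
#!/bin/sh
# classify_openssl: reads `openssl version -a` output on stdin and prints one of
#   affected | heartbeat_disabled | not_affected_version | not_openssl | unknown
classify_openssl() {
    out=$(cat)
    first=$(printf '%s\n' "$out" | head -n 1)
    [ -n "$first" ] || { echo unknown; return; }

    # First line looks like: "OpenSSL 1.0.1e 11 Feb 2013"
    name=${first%% *}
    rest=${first#* }
    ver=${rest%% *}
    ver=${ver%-fips}            # some builds report e.g. "1.0.1e-fips"

    [ "$name" = "OpenSSL" ] || { echo not_openssl; return; }

    case "$ver" in
        1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) ;;   # releases with the flaw
        *) echo not_affected_version; return ;;       # 1.0.0 and earlier, 1.0.1g and later
    esac

    # Inside the affected range, a build without the heartbeat extension is safe.
    case "$out" in
        *-DOPENSSL_NO_HEARTBEATS*) echo heartbeat_disabled ;;
        *) echo affected ;;
    esac
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_VULN='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O3 -Wall'
SAMPLE_NOHB='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -O3 -Wall'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O3 -Wall'
SAMPLE_OLD='OpenSSL 1.0.0k 5 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -O3 -Wall'

for s in "$SAMPLE_VULN" "$SAMPLE_NOHB" "$SAMPLE_FIXED" "$SAMPLE_OLD"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$s" | head -n 1)" \
        "$(printf '%s\n' "$s" | classify_openssl)"
done

# Classify the local binary when one is installed.
if command -v openssl >/dev/null 2>&1; then
    echo "local openssl -> $(openssl version -a 2>/dev/null | classify_openssl)"
fi
```

A result of `affected` means the version string is in the flawed range, not that the build is unpatched: distribution packages often backport the fix while keeping the old version label, so confirm against the vendor's advisory or the remote test above.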
What do you do?
If you suspect you are vulnerable, you can take the following steps:
- Apply the OpenSSL 1.0.1g patch.
- Recompile the OpenSSL version in use without the vulnerable “heartbeat” extension.
- If you use the same password to access your accounts as you use on other websites, please change the password you use to access your accounts.
Contact EHR2.0 at email@example.com if you need any assistance.