HIPAA Security Vulnerability

What is the Heartbleed bug?

The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. OpenSSL is an implementation of the SSL/TLS encryption protocol used to protect the privacy of Internet communications between two parties. Many websites and applications, such as email, instant messaging and VPNs, use OpenSSL.

The Heartbleed bug is a flaw in OpenSSL that allows hackers to view passwords and user names. A remote attacker can gain access to your web server that uses OpenSSL and to your private encryption key. Using the key, they would then be able to decipher the encrypted traffic to and from the website.

You are not vulnerable if you are:

  • Not using OpenSSL
  • Using OpenSSL 1.0.0 or earlier
  • Using hardware security instead of a software implementation of SSL
  • Using OpenSSL compiled without the heartbeat function enabled

Not sure?

To assess whether you are impacted, test your web server at https://www.ssllabs.com/ssltest/ or contact your web hosting service for assistance.
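
A local check to complement the online test, as an added example that is not part of the original post: it classifies the text printed by `openssl version -a` against the criteria listed above. The sample outputs are constructed, and the function and constant names are illustrative.

```python
import re

FIXED_LETTER = "g"                           # 1.0.1g carries the fix
NO_HEARTBEAT_FLAG = "OPENSSL_NO_HEARTBEATS"  # build define that removes the extension


def assess(version_output):
    """Classify `openssl version -a` text against the criteria listed above."""
    m = re.search(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", version_output, re.M)
    if not m:
        return "unknown: no OpenSSL version banner found"
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)
    if branch < (1, 0, 1):
        return "not vulnerable: 1.0.0 or earlier"
    if branch > (1, 0, 1):
        return "not covered: newer than the 1.0.1 branch"
    # The compiler line of `openssl version -a` lists the build defines.
    if NO_HEARTBEAT_FLAG in version_output:
        return "not vulnerable: built without heartbeat"
    if letter >= FIXED_LETTER:
        return "not vulnerable: 1.0.1g or later"
    # Banner falls in the 1.0.1 to 1.0.1f range. Distributions may backport the
    # fix without changing this banner, so confirm with the vendor's advisory.
    return "likely vulnerable: patch or rebuild"


# Constructed sample outputs (not captured from real hosts).
SAMPLES = {
    "old": "OpenSSL 0.9.8y 5 Feb 2013\ncompiler: gcc -DOPENSSL_THREADS",
    "affected": "OpenSSL 1.0.1e 11 Feb 2013\ncompiler: gcc -DOPENSSL_THREADS",
    "no_heartbeat": "OpenSSL 1.0.1e 11 Feb 2013\n"
                    "compiler: gcc -DOPENSSL_THREADS -DOPENSSL_NO_HEARTBEATS",
    "patched": "OpenSSL 1.0.1g 7 Apr 2014\ncompiler: gcc -DOPENSSL_THREADS",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {assess(text)}")
```

To check a real host, pass the output of `openssl version -a` to `assess()`; note that this reports the OpenSSL command-line build, which may differ from the library a given service is linked against.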

What do you do?

If you suspect you are vulnerable, you can take the following steps:

  • Apply the OpenSSL 1.0.1g patch.
  • Recompile the OpenSSL version in use without the vulnerable “heartbeat” extension.
  • If you use the same password to access your accounts as you use on other websites, please change the password you use to access your accounts.

Contact EHR2.0 at info@ehr20.com if you need any assistance.
