Register Now
Classroom Login
Call Now
Call Now 855-582-8047

‘Heartbleed’ Bug May Affect Healthcare Industry


Healthcare providers' online networks, including electronic health records and remote monitoring devices, may be vulnerable to a recently discovered encryption bug.

By Bisk on May 15, 2014
Heartbleed Bug May Affect Healthcare Industry

It’s the “worst bug the Internet has ever seen," according to Matthew Prince, CEO of website-protecting service CloudFlare, and it could affect the healthcare industry.

Security experts say healthcare providers' online networks, which include electronic health records and remote monitoring devices, may be vulnerable to Heartbleed, a software flaw in a version of OpenSSL code. The technology is used to encrypt two-thirds of Internet servers, according to a Los Angeles Times estimate.

The bug allows hackers to get an undetectable look at the data transmitted between a user and a server after it is decrypted, according to reports.

Though no healthcare-related breaches or vulnerabilities have been reported, the security compromise to machines controlling firewalls and virtual private networks is cause for concern, healthitsecurity.com reported.

"Even a cursory review in the health IT sector showed a number of Web-based [electronic health record] platforms vulnerable, as are some state health insurance exchange platforms and other possible health information exchange platforms," health IT developer Lauren Still wrote on govhealthit.com.

Healthcare providers that don't rely on the version of OpenSSL compromised by Heartbleed still should be worried about the short- and long-term effects, David Harlow, principal of The Harlow Group LLC healthcare law and consulting firm,  told FierceHealthIT.

"Heartbleed can set back trust in health IT that has been building as it proliferates and as the protections under HIPAA/HITECH are baked into the policies and procedures of more and more vendors," Harlow said.

A survey by W3Techs indicates 81% of sites run on Apache and Nginx, and both Web-server programs are vulnerable to the Heartbleed bug, according to CNN.

Though it was only recently discovered, the affected version has been around for two years, the Los Angeles Times reported.

“The growing connectivity among network devices and electronic health records (EHRs) is something the healthcare industry will be thinking about as it assesses Heartbleed’s potential impact,” according to healthitsecurity.com.

Category: Healthcare