Healthcare CIOs: Check for vulnerability of OpenSSL servers to Heartbleed

HeartbleedBugUpdated April 13, 2014 at 6:30 pm

CYBER RISK ALERT!  Just when we thought we were safe online while using websites that display the key security “https” in the URL, we learn that nothing could be further from reality.  On April 7, 2014, security researchers at Codenomicon announced the discovery of a flaw in the OpenSSL (security socket layer) that is used in an estimated two-thirds of the servers that support websites displaying the “https” letters that we have come to trust.  Based on the back-end technology of OpenSSL, which involves what is called a “heartbeat” extension and a leakage of data from the server, this new cyber liability threat has been dubbed Heartbleed.

Vulnerability of HIT and Compliance with HIPAA.  Although the OpenSSL flaw’s name has no direct connection to health information technology (HIT), it ironically could be a pain for health care providers. Continue reading