
The Heartbleed Bug and your Medical Practice


Chances are you've heard about the Heartbleed Bug, but you may not realize the threats to your medical practice. Here's what you need to know.

Did you lock your house when you left this morning? How about your car when you came into the building? What if I told you two-thirds or more of the locks in the world can now be opened by a single key, and that key is available to anyone who wants it? As of last week, that is the situation the World Wide Web finds itself in, thanks to the Heartbleed Bug.

Why you need to care

Hear Jeff Mongelli and Lucien Roberts discuss providing effective patient care in the new age of regulations at Practice Rx, a new conference for physicians and office administrators. Join us May 2 & 3 in Newport Beach, Calif.

This IT security threat, known as the Heartbleed Bug, is estimated to impact two-thirds of all websites. Essentially, if any of your practice workflow involves working with web-based applications, there's a high probability that the website uses, or has used, OpenSSL for its security. What's ominous about the threat is how widespread OpenSSL is. For example, hospitals, labs, clearinghouses, web-enabled medical devices, mobile apps, web-based EHRs, billing and scheduling programs, and patient portals could all be on the list. Additionally, Cisco and Juniper (common in the most secure data centers) have announced that many of their devices are vulnerable. To put it bluntly, this is a serious concern, and it could have already caused an immense number of HIPAA breaches going back several years. Here is what you need to know and what you can do about it.

What is the Heartbleed Bug?
Briefly, Secure Socket Layer (SSL) is the code behind a website URL that starts with HTTPS, where the "S" signifies it's secure by use of encryption. OpenSSL is the open source version of SSL, and because it is a less expensive alternative, most websites use it. HTTPS is far from perfect, but it's better than HTTP, which uses no encryption, so all traffic is "in the open." Recently, a vulnerability in OpenSSL was discovered, and it happened to be in the part of the code referred to as the heartbeat, the process by which the website checks whether the connection is still active. The main threat involves a flaw that allows someone to capture small snippets of data in transit. Each request yields only a small snippet, but programs can be written to repeat the request endlessly, ultimately yielding vast amounts of sensitive data.
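
A simplified model of the heartbeat flaw described above, next to the length check that corrects it. This is an added illustration, not OpenSSL's code and not part of the original article. The message layout (a type byte, a two-byte payload length, the payload, at least 16 bytes of padding) follows RFC 6520; the function names, the 64-byte buffers and the "SECRET" marker are constructed for the demo, and the reply omits its own padding for brevity.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload length */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */

/* Builds the echo reply; returns its length, or 0 if the request is dropped.
 * checked == 0 reproduces the flawed pattern: the length field is trusted. */
static size_t hb_reply(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap, int checked)
{
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The fix: claimed payload plus padding must fit in what was received. */
    if (checked && HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    if (HB_HEADER + claimed > out_cap) return 0;  /* keeps this demo in bounds */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    /* Without the check above, this copy can run past rec_len. */
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

/* Constructed scenario: a request whose real payload is 2 bytes, stored in a
 * buffer that also holds unrelated data. Returns the reply length, or -1 if
 * the reply contains that unrelated data. */
int hb_demo(int checked, unsigned claimed)
{
    static const char marker[] = "SECRET";       /* constructed sample data */
    uint8_t mem[64] = {0}, out[64];              /* mem models server memory */
    size_t rec_len = HB_HEADER + 2 + HB_PADDING; /* bytes actually received */
    mem[0] = HB_REQUEST;
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)claimed;
    memcpy(mem + HB_HEADER, "hi", 2);
    memcpy(mem + rec_len, marker, 6);            /* data right after the record */
    size_t n = hb_reply(mem, rec_len, out, sizeof out, checked);
    for (size_t i = 0; i + 6 <= n; i++)
        if (memcmp(out + i, marker, 6) == 0) return -1;
    return (int)n;
}

int main(void)
{
    printf("unchecked, claims 30 bytes: %d\n", hb_demo(0, 30));
    printf("checked,   claims 30 bytes: %d\n", hb_demo(1, 30));
    printf("checked,   claims  2 bytes: %d\n", hb_demo(1, 2));
    return 0;
}
```

A request that honestly states its 2-byte payload is echoed normally in both modes; only the one that overstates its length is dropped by the checked version.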

What you can do
The reality is you will likely never discover whether your information or your patients' information has been exposed through this bug. Simply having the vulnerability does not mean it's been exploited. What you can do is focus on protecting yourself. Here's what we're telling our clients to do. First, create a list of potentially impacted websites and devices you use where sensitive data is communicated, including your networking gear. Second, immediately change your passwords, since your credentials are included in the data that could have been exposed. Third, contact those vendors and confirm whether they were impacted and, if so, whether they have patched their systems. If they tell you they're working on it, and thousands of companies still are, be sure they notify you when they have completed the task so you can then change your password again.

Revelations are still coming out about the potential depth of this vulnerability. New fears are that the Internet itself could be brought to a crawl as companies struggle to remediate the threat. As for the data that's been exposed, if you become aware that you were not only impacted by the Heartbleed Bug but that your protected health information was exploited, you need to follow the new breach notification laws, contact your HIPAA vendor, or your attorney to determine what steps need to be taken.

© 2024 MJH Life Sciences

All rights reserved.