The Heartbleed Bug's Impact on EHR Systems

As reported in the media, a serious vulnerability in the popular OpenSSL cryptographic software library, called the Heartbleed bug, was recently discovered. This vulnerability permits the theft of information, including secret keys used to identify service providers, the names and passwords of users, and actual content, that, under normal circumstances, is protected by SSL/TLS encryption. Most health care providers, however, are not aware that many web-based electronic health record (EHR) systems use OpenSSL's encryption software to secure protected health information (PHI). These web-based systems may be vulnerable to the bug.

Accordingly, for our provider clients, we have two recommendations. First, we recommend that providers contact their vendors to find out (1) whether their system is (or was) subject to the Heartbleed vulnerability and (2) whether the vendor has deployed the fixed version of OpenSSL. Second, we recommend that providers instruct their users and administrators to change their passwords to prevent any unauthorized access. Please note that passwords changed prior to the vendor's installation of the fixed version of OpenSSL are not secure. Providers should also use this opportunity to review their password policies to ensure that they are changed and tested on a routine basis.

More information about the Heartbleed bug can be found here: http://heartbleed.com

This vulnerability has affected several applications and web-based services.

Topics: Cybersecurity, EHR, Heartbleed

Published In: General Business Updates, Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Baker Donelson | Attorney Advertising
