The so-called Heartbleed bug that was revealed on April 1 has been shaking up the IT and tech world. It is a flaw in OpenSSL, the widely used open-source software that many websites rely on to secure transactions and data. According to internet security firm Codenomicon, the bug “allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.”
If you’re thinking this doesn’t apply to your healthcare facility, think again, says MD&DI’s Chris Wiltz:
If sites should fail to work to fix the bug, it could mean that all manner of patient data from electronic medical records and health biometrics to billing information could be vulnerable to theft. Mike Ahmadi, global director of medical security at Codenomicon, is calling Heartbleed “probably the most significant bug to affect the Internet in five years.”
Ahmadi added that “OpenSSL is used for Apache servers, and Apache is very, very common in many industries, including healthcare. It’s very common for back-end applications on an EHR [electronic health record system], for example, to use OpenSSL.”
For more details, read Wiltz’s article on mddionline.com.