Magazine article Medical Economics

Heartbleed: 5 Things Physicians Need to Know about the Security Flaw

Magazine article Medical Economics

Heartbleed: 5 Things Physicians Need to Know about the Security Flaw

Article excerpt

Technology

Heartbleed sounds like a medical term, but it is actually a flaw in computer software that has affected web operations for many businesses, including medical practices. Medical Economics spoke with Lee Kim, JD, FHIMSS, director of privacy and security at the Healthcare Information and Management Systems Society, about Heartbleed's impact.

Q: What is Heartbleed?

A: "Heartbleed" is not a virus but rather a vulnerability in software. This vulnerability was caused by a software bug. Asa result of this vulnerability, Internet communications and transmissions that were intended to be encrypted might actually not be encrypted. A hacker may exploit this vulnerability and steal secret keys and information as a result of the unsecure channel. Not every Internet site is affected-only those that use certain versions of OpenSSL.

Many vendors have already issued patches to address this OpenSSL vulnerability.

Q: Should practices with web-based electronic health records (EHRs) be concerned?

A: Practice owners need to contact their vendors to determine if their webbased EHR is vulnerable to Heartbleed and, if so, whether that vulnerability has been patched.

If it has not been patched, the practice owner may wish to inquire about the plan of action to address the Heartbleed vulnerability.

Q: Are office computers at risk?

A: If an office computer exchanges encrypted information over a network, then its information and secret keys might be exploitable by an unauthorized third party. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.