How Does The Heartbleed Bug Impact Health IT Security?

Written by Ronny Bachrach on April 23, 2014. Posted in Software

Data security is one of the most important aspects of the Meaningful Use program, as providers work to collect health data electronically with the objective of improving health outcomes. Information stored in electronic health records, such as medical imaging results, should be protected from unauthorized access.

Health care providers can take a range of steps to ensure the safety of their patients' health information, from working directly with the IT department on developing tight security infrastructure to creating portals that require authorized login information for access. Thorough assessments can also be beneficial, as they might be able to weed out weaknesses in a practice's firewalls.

However, what happens when the encryption code of the most basic programs becomes compromised? How does that impact health care as a whole?

The industry experienced this firsthand when the Heartbleed Bug was revealed by security experts this month.

What is Heartbleed?
For the purpose of maintaining the safety of health data, encryption can be one of the most effective strategies for providers, FierceHealthIT explained. Because of this, many developers utilize OpenSSL, which is a Web encryption program that is widely used by companies such as Amazon and Google. With the discovery of Heartbleed, hundreds of thousands of websites were shown to be at risk of data theft, including health entities.

This is due in large part to the fact that vulnerable parts of OpenSSL code can be found inside programs other than websites, including email systems, firewalls and EHR software. While it varies from vendor to vendor, the threat to data security is very real and has developers working tirelessly to patch their products and keep consumers safe.

"Heartbleed can set back trust in health IT that has been building as it proliferates, and as the protections under HIPAA/HITECH are baked into the policies and procedures of more and more vendors," said David Harlow, principal of health care law at The Harlow Group, quoted by iHealthBeat.

What can be done?
Unfortunately, there is not much health care providers can do. Because the vulnerabilities pertain to programming, developers of Web-based products such as PACS and EHRs have to rework their coding to patch the leak. Check with your PACS or EHR provider for any product-specific information pertaining to OpenSSL security or vulnerability. Practices can begin to change login credentials for medical staff, alert patients to the potential breach and encourage them to update their passwords as well.

Ronny Bachrach

Marketing Director at Viztek LLC
Responsible for all marketing activities, including press, advertising, trade show coordination, website management, and dealer and customer communications.