• Industry News
  • Law & Malpractice
  • Coding & Documentation
  • Practice Management
  • Finance
  • Technology
  • Patient Engagement & Communications
  • Billing & Collections
  • Staffing & Salary

The Heartbleed Bug and your Medical Practice

Article

Chances are you've heard about the Heartbleed Bug, but you may not realize the threats to your medical practice. Here's what you need to know.

Did you lock your house when you left this morning? How about your car when you came into the building? What if I told you two-thirds or more of the locks in the world can now be opened by a single key, and that key is available to anyone that wants it? As of last week, that is the situation the World Wide Web finds itself in thanks to the Heartbleed Bug.

Why you need to care

Hear Jeff Mongelli and Lucien Roberts discuss providing effective patient care in the new age of regulations at Practice Rx, a new conference for physicians and office administrators. Join us May 2 & 3 in Newport Beach, Calif.

This IT security threat, known as the Heartbleed Bug, is estimated to impact two-thirds of all websites. Essentially, if any of your practice work flow involves working with web-based applications, there's a high probability that website is, or has used, OpenSSL for its security. What's ominous about the threat is how widespread OpenSSL is. For example, hospitals, labs, clearinghouses, web-enabled medical devices, mobile apps, web-based EHRs, billing and scheduling programs, and patient portals could all be on the list. Additionally, Cisco and Juniper (common in the most secure data centers), have announced many of their devices are vulnerable. To put it bluntly, this is a serious concern and it could have already caused an immense amount of HIPAA breaches going back several years. Here's is what you need to know and here is what you can do about it.

What is the Heartbleed Bug
Briefly, Secure Socket Layer (SSL) is the code behind a web site URL that starts with HTTPS - where the "S" signifies it's secure by use of encryption. OpenSSL is the open source version of SSL, and because it is a less expensive alternative, most websites use it. HTTPS is far from perfect, but it's better than HTTP, which uses no encryption and all traffic is "in the open," Recently, a vulnerability in OpenSSL was discovered, and it happened to be in the part of the code that is referred to as the heartbeat, or the process by which the website checks to see if the connection is still active. The main threat involves a flaw that allows someone to capture small snippets of data in transit. Small snippets means at one time, but programs can be written to repeat endlessly, ultimately yielding vast amounts of sensitive data.

What you can do
The reality is you will likely never discover if your information or your patient's information has been exposed through this bug. Simply having the vulnerability does not mean it's been exploited. What you can do is focus on protecting yourself. Here's what we're telling our clients to do. First, create a list of potentially impacted websites and devices you use where sensitive data is communicated, including your networking gear. Second, immediately change your passwords since your credentials are included in the data that could have been exposed. Third, contact those vendors and confirm if they were impacted, and if so, if they patched their systems. If they tell you they're working on it, and thousands of companies still are, be sure they notify you when they have completed the task so you can then change your password again.

Revelations are still coming out about the potential depth of this vulnerability. New fears are that the Internet itself could be brought to a crawl as companies struggle to remediate the threat. As for the data that's been exposed, if you become aware that you were not only impacted by the Heartbleed Bug but that your protected health information was exploited, you need to follow the new breach notification laws, contact your HIPAA vendor, or your attorney to determine what steps need to be taken.

Related Videos
MGMA comments on automation of prior authorizations
Erin Jospe, MD gives expert advice
A group of experts discuss eLearning
Three experts discuss eating disorders
Navaneeth Nair gives expert advice
Navaneeth Nair gives expert advice
Navaneeth Nair gives expert advice
Matt Michaela gives expert advice
Matthew Michela gives expert advice
Matthew Michela gives expert advice
Related Content
heart stethoscope | © lenetsnikolai - stock.adobe.com

The payer-provider partnership: AI a bridge to better outcomes

April 24th 2024
Article

The crux of payer-provider collaboration lies in alignment.

Digital Marketing for Independent Practices

Digital Marketing for Independent Practices

October 25th 2021
Podcast

Physicians Practice® spoke with Rachael Sauceman, the head of strategic initiatives for Full Media—a digital marketing agency based in Chattanooga, Tennessee—about how practices can best market their services in the digital realm.

cybersecurity | © RoBird - stock.adobe.com

What’s next for cybersecurity and AI in healthcare

April 17th 2024
Article

Although AI shows promise in streamlining administrative tasks like documentation and billing, its integration into clinical decision-making processes sparks some challenges.

The Virtual Waiting Room

The Virtual Waiting Room

October 11th 2021
Podcast

Physicians Practice® spoke with Hari Prasad, CEO of Yosi Health, about how what practices need to know about setting up and making the most of their virtual waiting rooms.

coding | © Khemmanat - stock.adobe.com

Revolutionizing healthcare efficiency through automated coding solutions

April 2nd 2024
Article

Even while other industries made the digital transition, clipboards and paper forms were still common sites in the waiting rooms of doctors’ offices

AI talk robot | © Limitless Visions - stock.adobe.com

Improving physicians' people skills with AI

April 1st 2024
Article

AI can help physicians refine their people skills to improve care

© 2024 MJH Life Sciences

All rights reserved.