A newly discovered Internet bug known as Heartbleed exposes a flaw in OpenSSL, a cryptographic tool that provides communication security and privacy over the Internet for applications such as web, email, instant messaging and some virtual private networks, such as those used by hospitals.
The Heartbleed bug allows cyber-attackers to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.
The bug also allows attackers to eavesdrop on communications, steal data directly from affected services and organizations and to impersonate users whose information has been stolen.
If a healthcare organization was affected by Heartbleed, it could mean all patient data from electronic medical records and health biometrics to billing information could be vulnerable to theft, according to a Medical Device and Diagnostic Industry report.
An updated version of OpenSSL has been released to fix the flaw, but it will take time for software makers and operating system developers to deploy it.
More Articles on Patient Data Security:
Healthcare Scores Present Growing Privacy Risks, Study Finds
8 Recent Data Breaches Caused by Laptop Thefts
5 Tips to Reduce Third-Party HIPAA Risk