News Feature | April 18, 2014

Healthcare Could Catch Heartbleed Bug

By Katie Wike, contributing writer

Heartbleed could infect healthcare if it reaches email accounts, EHRs, and even remote monitoring devices

The encryption bug Heartbleed could allow hackers to get sensitive information from email servers, laptops, mobile phones, and security firewalls. The bug was discovered by a Google engineer and another security team. According to iHealth Beat, they also found that it affects systems through OpenSSL, a Web encryption program used by hundreds of thousands of websites, including Amazon and Google.

"Heartbleed can set back trust in health IT that has been building as it proliferates, and as the protections under HIPAA/HITECH are baked into the policies and procedures of more and more vendors," David Harlow, principal of The Harlow Group LLC healthcare law and consulting firm, told FierceHealthIT. "Some of my clients have already informed their customers about the steps they are taking, and explaining why they are taking them - even if they are not directly affected by this exploit."

The Department of Homeland Security says the government's public websites were unaffected, and CMS notes the bug did not affect consumer accounts on the federal health insurance exchange or the Medicare website.

According to experts, the bug has been around for about two years. TIME reports it is much more widespread than initially thought, writing, “The Heartbleed Internet security bug is shaping up to be worse than researchers first realized, possibly compromising routers and other networking infrastructure for a variety of companies.”

CloudFlare CEO Matthew Prince called Heartbleed "the worst bug the Internet has ever seen," adding, "If a week from now we hear criminals spoofed a massive number of accounts of financial institutions, it won't surprise me."