Protecting the healthcare enterprise from Heartbleed

The Heartbleed bug provides a great reminder to protect against disaster by adopting a strong password, or strengthening the ones you are using. However, until a fix to Heartbleed is in place on the system in use, changing a password provides nothing more than a false sense of security.

Heartbleed is a software flaw in the open source OpenSSL code, a technology used to encrypt two-thirds of all servers on the Internet, the Los Angeles Times estimates.  Use of OpenSSI typically shows up in your browser as a small green padlock icon.

In an April 10 advisory, Cisco revealed that it uses Open SSL in multiple products and that Heartbleed could allow a remote hacker to pull memory in 64 kb chunks from a connected server or client, according HealthcareInfoSecurity. Cisco attributes the vulnerability to a missing bounds check in the handling of the TLS heartbeat extension.

Juniper Networks also has posted an alert on its Web site notifying customers that the TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, leaving private keys, usernames, passwords and encrypted content vulnerable.

Codenomicon, the Finland-based security vendor credited with discovering the bug, advises organizations to deploy the fix for the software, Fixed OpenSSLand test and vet critical software components and applications to identify weaknesses.

Once the fix has been implemented, it is time to ask users to change their passwords. A video version of security expert Bruce Schnier’s advice on creating a strong password that is easy to remember can be found on the Time Web site.

Cheryl Proval,

Vice President, Executive Editor, Radiology Business

Cheryl began her career in journalism when Wite-Out was a relatively new technology. During the past 16 years, she has covered radiology and followed developments in healthcare policy. She holds a BA in History from the University of Delaware and likes nothing better than a good story, well told.

Around the web

The nuclear imaging isotope shortage of molybdenum-99 may be over now that the sidelined reactor is restarting. ASNC's president says PET and new SPECT technologies helped cardiac imaging labs better weather the storm.

CMS has more than doubled the CCTA payment rate from $175 to $357.13. The move, expected to have a significant impact on the utilization of cardiac CT, received immediate praise from imaging specialists.

The all-in-one Omni Legend PET/CT scanner is now being manufactured in a new production facility in Waukesha, Wisconsin.

Trimed Popup
Trimed Popup