Cyberattack Drill Exposes Healthcare Industry's Vulnerabilities
Heartbleed and HealthCare.gov
The recent Heartbleed vulnerability in the popular OpenSSL cryptographic software library presented a valuable real-world test of the benefits of these exercises, according to HITRUST. More than one CyberRX exercise participant indicated that they leveraged lessons learned from the CyberRX exercise to react quickly and more effectively address the issues brought up by Heartbleed, HITRUST officials stated.
Charest says there is no evidence that the Heartbleed vulnerability has affected networks related to the HealthCare.gov Web site, but that out of an abundance of caution, HHS decided to ask all registered healthcare.gov visitors to reset their passwords by answering their previously set up challenge questions.
The extra caution arose in part due to healthcare.gov's use of the Akamai content delivery network, which had patched its own Heartbleed vulnerability, Charest says.
HITRUST posted a preliminary report in the wake of the security exercise, with threat preparedness and response recommendations for healthcare organizations. The HITRUST Web site also provides a way for organizations to sign up to participate in future exercises, which HITRUST expects to hold twice a year, according to Nutkis.
Scott Mace is senior technology editor at HealthLeaders Media.
- As Medicare Advantage Cuts Loom, Disagreement Over Program's Stability
- 3 Management Lessons from a Supermarket Debacle
- Medicare Advantage Carriers See 'No Choice' But to Accept Cuts
- Physicians to Appeal 'Docs v. Glocks' Ruling in FL
- CA Fines 8 Hospitals for Medical Errors
- Centralizing the Revenue Cycle Protects the Bottom Line
- Revenue Cycles Get a Boost from Simple JPEG Files
- IOM Identifies GME Problems, Calls for Finance Changes
- Employers Weigh Risks, Benefits of Private Exchanges
- Doctors Feel Pressure to Accept Risk-based Reimbursement