The Heartbleed bug has been causing concern in IT operations around the country, including among healthcare providers, and now a San Francisco company has found the danger from the flawed coding could be all too real.
Cloudflare, a San Francisco-based provider of computer network and security services, challenged hackers to use Heartbleed to get encryption keys that would unlock secure data, asking them essentially to prove that Heartbleed is dangerous. It reported four different “winners” to its crowd-sourcing challenge to determine whether the recently discovered Heartbleed bug in a popular, open-source version of encryption software was exploitable by hackers.
“The world was up to the task,” according to several posts on the company's blog. “This result reminds us not to underestimate the power of the crowd and emphasizes the danger posed by this vulnerability,” a Cloudflare blog post
Hackers needed just nine hours before the first one retrieved the decryption key from Cloudflare's test server, which was loaded with the vulnerable OpenSSL encryption software.
In healthcare, the software that has Heartbleed buried deep within it could, if deployed, leave provider websites, physician and patient portals, secure e-mail services, medical monitoring devices and remote-access PACS/RIS systems vulnerable to attack and exploitation, according to data security expert Michael Mathews, president, chief operating officer and chief technical officer of CynergisTek, an IT security consultancy in Austin, Texas.
Reports were circulating Monday that the bug already had been used to steal personal data from Canada's tax collection agency.

Follow Joseph Conn on Twitter: @MHJConn