Healthcare Business News

Heartbleed bug exploited within hours in hacking challenge

By Joseph Conn
Posted: April 14, 2014 - 6:30 pm ET

The Heartbleed virus has been causing concern in IT operations around the country, including among healthcare providers, and now a San Francisco company has found the danger from the flawed coding could be all too real.

Cloudflare, a San Francisco-based provider of computer network and security services, challenged hackers to use Heartbleed to get encryption keys that would unlock secure data, asking them essentially to prove that Heartbleed is dangerous. It reported four different “winners” to its crowd-sourcing challenge to determine whether the recently discovered Heartbleed bug in a popular, open-source version of encryption software was exploitable by hackers.

Advertisement | View Media Kit


“The world was up to the task,” according to several posts on the company's blog. “This result reminds us not to underestimate the power of the crowd and emphasizes the danger posed by this vulnerability,” a Cloudflare blog post says.

Hackers needed just nine hours before the first one retrieved the decryption key from its test server loaded with the vulnerable OpenSSL encryption software.

In healthcare, the software which has Heartbleed buried deep within it, if deployed could render vulnerable to attack and exploitation provider websites, physician and patient portals, secure e-mail services, medical monitoring devices and remote-access PACS/RIS systems, according to data security expert Michael Mathews, president, chief operating officer and chief technical officer of CynergisTek, an IT security consultancy in Austin, Texas.

Reports were circulating Monday that it already had been used to steal personal data from Canada's tax collection agency.

Follow Joseph Conn on Twitter: @MHJConn

What do you think?

Share your opinion. Send a letter to the Editor or Post a comment below.

Post a comment

Loading Comments Loading comments...



Switch to the new Modern Healthcare Daily News app

For the best experience of on your iPad, switch to the new Modern Healthcare app — it's optimized for your device but there is no need to download.