Thursday, April 17, 2014

What MDs should know about Security on the Internet and using the cloud for your EHR



Although providers are not information technology experts, it is essential that they understand some aspects of security on the internet. We already know it is a complex process involving multiple layers of privacy, beginning with passwords and encryption. In addition to these layers, the operating systems for the internet include built-in safeguards.

When it comes to security threat severity, the Heartbleed bug doesn't miss a beat. That's according to Phil Lerner, chief information security officer at Beth Israel Deaconess Medical Center, who, on a scale from 1 to 10, ranks the bug a solid "high priority" at 7.5.

For those of you familiar with the recent discovery of the bug named Heartbleed, you know that it affects a major component of web site security, allowing unauthorized intrusion into an otherwise secure system. SSL is the abbreviation for secure socket layer, which appears in the internet settings of your browser. It affects all browsers. A patch has been released which is supposed to cure the problem. The ‘bug’ was in the wild for several weeks before it was discovered.

This particular version of SSL is ‘open source’, which means the computer code is open and readily available. Open source code is used by developers in many programs, as opposed to proprietary source code such as that used by Microsoft, Apple and many others. Google uses open source in Android and their Chrome browser.

Website owners can find out whether the bug is present on their system. Estimates are that two-thirds of web sites are affected.

The idea of using open source seems anathema to developing a secure socket layer. However, the internet is designed to be an open network, of which SSL is a basic commodity. Proprietary SSLs would create more isolation of diverse providers and web sites.

The original SSL was developed in the late 1990s by a non-profit concern that contracted with the U.S. Government. It plays an essential role in the management of domain names such as .com, .net and .org. Many new domains have been issued in the last several years: .med, .fr, .za, .bus, .tv and others. The organization that issues domain names, ICANN (Internet Commission Assigning Names and Numbers), is currently based in California. The organization was set up as an international non-governmental organization to allow for an agency completely free from government interference.

Many potential changes are foreseen, among them the U.S. withdrawing from ICANN. ICANN will be assigned the task of evaluating and making policy for domain names, and then handing it off to another agency to manage the technical aspects.
