Healthcare organizations warned of risk of Man-In-The-Middle Attacks

In its April cybersecurity newsletter, the Department of Health and Human Services’ Office for Civil Rights advised covered entities and their business associates to use the Secure Hypertext Transport Protocol (HTTPS) to ensure protected health information is not left unsecured.

While HTTPS has been adopted by many covered entities to protect communications from man-in-the-middle attacks, OCR has relayed a recent warning from the United States Computer Emergency Readiness Team (US-CERT) about vulnerabilities that may be introduced by the use of products that inspect HTTPS traffic.

The use of HTTPS inspection products increases security as it allows healthcare providers to detect malware and…

Read more at:

Posted in