HTTPS security is NOT enough to protect all of your web based activities including cloud based EHR’s.
Did you know that although HTTPS is the de facto technology encrypting web browser data it is not “secure” enough to remain safe from interception?
If you are at home or work on a trusted and monitored network there is less of a chance of a problem as long as you are going to the correct website…
But because HTTPS is based upon SSL certificates, the kind you buy from GoDaddy and other numerous companies providing “Trusted Certificates”, there is the potential for lesser certificates to come across your path.
For example, a malicious user can create a fake website imitating a site you commonly visit even bearing a “trusted certificate.” They do this by paying for a SSL certificate assigned to a slightly different URL that they can also easily purchase online from sites like GoDaddy. You’re tricked into believing their fake site is legitimate which draws you into giving up your critical account information to the fake site.
This process is called spoofing and is a common tactic among hackers.
It’s important to always verify your web address is correct. Sometimes spoofing is as easy as changing one letter of an address. i.e. www.bankofamericas.com where the actual site is www.bankofamerica.com.
Is HTTPS broad enough coverage for your care organization?
In addition to spoofing most websites utilizing HTTPS DO NOT utilize unique encryption keys for every website session. Instead they utilize a single encryption key that when comprised could decrypt all data captured from the site for the history of users data.
So, in knowing this will you still utilize a public Wi-Fi spot for conducting business on the internet? Do you feel uneasy accessing cloud based EHR’s because they are utilizing HTTPS and have the presumption of safeguarding your ePHI?
Learn how to protect your on line data transmissions with our quick video…
Your data is critical to your care organization and poses a significant risk if it falls into the wrong hands. Take precautions where you can and limit what you put onto the public internet for others to see.