Henry Ford Health System and HAP Respond to Heartbleed Vulnerability

April 09, 2014

As you may know, a new security flaw or vulnerability called Heartbleed, which was publicly disclosed on April 7, has the potential to compromise usernames, passwords, credit card information or any confidential information thought to be secure via the Internet. The flaw is exposed via software that is widely used to secure Web communications on a wide variety of Internet Web sites (banking, social media, e-commerce, etc.) and has the Internet community scrambling to address the issues that have surfaced.

At Henry Ford Health System (HFHS) and Health Alliance Plan (HAP), we understand how the threat of these kinds of vulnerabilities can cause concern for our patients, members and employees. We want to assure you that there is a low probability that any of our systems would be heavily affected by Heartbleed, because we are not on the same operating system where this vulnerability has been found lurking.

In addition, HFHS and HAP have taken the necessary steps to combat any potential damage that the Heartbleed vulnerability could have on patient, member, and confidential information contained within systems accessible via the Internet. We also thought it would be helpful to provide you with information to protect your personal information.

  • If you are a patient and you have questions about the Heartbleed vulnerability related to your personal health information, or believe that your personal health information has been compromised in any way, contact the Information Privacy and Security Office (IPSO): PrivacySecurity@hfhs.org
  • If you are a HAP member and have any issues related to this vulnerability, contact HAP: informationsecurity@hap.org

If you have more questions about how to safeguard your personal information, use the links below to obtain more information about this vulnerability and how to protect yourself.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

http://filippo.io/Heartbleed/

Henry Ford Health System
Information Privacy and Security Office