OCR Issues Security Bulletin on HTTPS Transmissions
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published a bulletin on April 3, 2017, warning of potential dangers from using the security measure Secure Hypertext Transport Protocol (HTTPS) to transmit protected health information (PHI) and other confidential information over the internet. Malicious attacks, called “man-in-the-middle” attacks, are specifically designed to intercept and alter these HTTPS communications. Such attacks could result in the exposure or corruption of PHI and breaches of the Health Insurance Portability and Accountability Act (HIPAA).
The bulletin may be found at: https://www.hhs.gov/sites/default/files/april-2017-ocr-cyber-awareness-newsletter.pdf?language=es.