United Benefit Advisors Insight and Analysis Blog

Man-in-the-Middle Attacks on ePHI, HIPAA Enforcement in the News

Posted by: Danielle Capilla    May 4, 2017 12:57:07 PM

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued its Man-in-the Middle Attacks and "HTTPS Inspection Products" guidance. The OCR warns organizations that have implemented end-to-end connection security on their internet connections using Secure Hypertext Transport Protocol (HTTPS) about using HTTPS interception products to detect malware over an HTTPS connection because the HTTPS interception products may leave the organization vulnerable to man-in-the-middle (MITM) attacks. In an MITM attack, a third party intercepts internet communications between two parties; in some instances, the third party may modify the information or alter the communication by injecting malicious code.

Read More

Topics: HIPAA, internet security, protected health information, ePHI