There’s another computer security vulnerability making news and this time it’s the Shellshock Bash bug. You can expect an increase in public alarm as more information emerges, especially in light of recent data breaches at Home Depot, Target and Community Health Systems.
SimpleLTC is aware of the Shellshock issue and — because the security of our customers’ data is extremely important to us — we want to provide a quick update about the reliability of our long-term care software.
What is the Shellshock worm?
Shellshock is a recently discovered vulnerability in the Linux/Unix operating systems used in millions of computers across the web. Specifically, the flaw lies in Bash, a standard Unix program used to send commands to the computer’s operating system.
The Shellshock bug could potentially allow attackers to exploit arbitrary commands on Linux-based machines or even Mac computers — presumably in order to do bad things like steal usernames and passwords, expose protected health information (PHI), etc.
Some researchers are comparing Shellshock to last spring’s Heartbleed bug because it could allow a hacker to attack a large number of Linux computer servers all at once. In other words, they could theoretically gain access to large amounts of data without a high degree of effort.
Is SimpleLTC software safe?
Yes. Immediately after the vulnerability was announced, SimpleLTC’s security team audited our systems and determined that Shellshock would not affect our applications, API or websites.
Additionally, SimpleLTC’s network administrators proactively deployed patches (per our security policy) to eliminate any vulnerable software from our network. At no time was there any risk to customer data or PHI.
What should I do to protect my facility?
We strongly encourage all our customers and partners to review their own Linux/Unix systems and apply security patches as soon as possible to mitigate any risk from the Shellshock bug.
Also, while some companies in the healthcare industry are quick to recognize and eliminate security threats, the Community Health Systems breach shows that some are not as proactive as they should be. As an additional precaution, we encourage customers to contact vendors of any web-based software they use to confirm they have updated their systems as well.
Thanks for your trust in SimpleLTC software. As always, please contact our customer support team if you have any questions.