HC3 TLP White Threat Briefing: Securing SSL/TLS in Healthcare February 25, 2021

• SSL/TLS is a secure transport and session
protocol designed to provide confidentiality and
message integrity to web traffic, using a
combination of cryptography and hashing
techniques known as a cypher suite.

• Established in the mid-1990s, SSL/TLS has
underwent many changes due to vulnerabilities
exploited throughout the years.

• SSL/TLS is established with a handshake that
determines what cipher suite and master secret
can be used, and then uses digital certificates to
make a connection between a client and server.

• Using the agreed-upon cipher suite, SSL/TLS uses
cryptography to encode data and hashing
algorithms in order to maintain message integrity.

• As web traffic increasingly relies
upon SSL/TLS, many vulnerabilities have been
discovered, and SSL is no longer safe to use.

• Many threats have emerged, with the
Raccoon Attack being the most recent.

• To mitigate these attacks when possible, using TLS
1.3 is recommended, and using any version of TLS
prior to 1.2 should be avoided.

View full report under Key Resources. 

Key Resources

Related Resources

Advisory
Agencies Issue Advisory as Ransomware Group Accelerates Attacks on Health Care Sector
Public
Letter/Comment
AHA, Others Urge UnitedHealth Group to Provide Breach Notifications on Behalf of the Field
Public
Letter/Comment
AHA Letter to Senate Finance Committee for May 1 Hearing on Change Healthcare Cyberattack
Letter/Comment
AHA Letter to House E&C Subcommittee for May 1 Hearing on Change Healthcare Cyberattack
Advisory
Homeland Security Proposes New Cyber Incident Reporting Requirements
Member
Special Bulletin
UnitedHealth Group Provides Update on Data Impacted By Cyberattack
Member