With new cybercrime incidents being reported every day, there has never been a more important time to be sure you are using a best-practices approach to securing your production endpoints. In the past, self-signed certificates were commonplace when setting up healthcare interfaces, even in production. Given today’s security threats, they are a risk not worth taking in your production environments.
Risks with Self-Signed Certificates
- A self-signed cert has no expiration date, so it may be “out of sight, out of mind” and hiding in places like your interface engine.
- A self-signed cert can never be revoked. If a private key is compromised, an attacker can spoof the identity of one of the systems in order to access protected data, since there is no method to check the revocation status.
Recommended Best Practices:
- Use CA-signed certificates for all production environments. CA-signed certificates have an expiration date and can be revoked, which invalidates a certificate in the event of a compromised private key.
- Use tools to flag the use of self-signed certificates in your interface engine. This builds awareness of any self-signed certificates present in a production environment so that risk mitigation steps can be taken.
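One way to implement the flagging check from the second practice, as an added example (it is not part of the original article and is not the Zen SSL Extension). It assumes OpenSSL 1.1.0 or later and certificates already exported from the engine as PEM files; the function names and sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag self-signed certificates among exported PEM files.

# Return 0 if the certificate in $1 is self-signed: issuer name equals
# subject name AND the signature verifies under the certificate's own key.
is_self_signed() {
    cert=$1
    subj=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null) || return 2
    issr=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$subj" = "$issr" ] || return 1
    # Matching names alone are not proof. -check_ss_sig makes OpenSSL verify
    # the self-signature; -no_check_time keeps expired certificates in scope.
    openssl verify -check_ss_sig -no_check_time -CAfile "$cert" "$cert" \
        >/dev/null 2>&1
}

# Print one line per self-signed *.pem file in directory $1.
# Root CA certificates are self-signed by design and are listed too, so
# review each hit for whether it is used as an endpoint's own identity.
scan_dir() {
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        if is_self_signed "$f"; then echo "SELF-SIGNED: $f"; fi
    done
}

# Build constructed sample certificates in directory $1:
# self.pem (self-signed), ca.pem (test root), leaf.pem (signed by ca.pem).
make_constructed_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=constructed-self-signed" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=constructed-test-ca" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=constructed-ca-signed" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null
}

# Stand-alone use: pass the directory holding the exported PEM files.
if [ $# -gt 0 ]; then scan_dir "$1"; fi
```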
For IT teams using the Mirth Connect (NextGen) Interface Engine, Zen’s SSL extension is a great solution to enhance the security of your production instances. The Zen SSL Extension flags self-signed certificates loaded in the interface engine so that they are easily identifiable.
Call Zen today to learn more about best practices to harden your healthcare interface infrastructure.