From telemedicine to mobile health to electronic medical records, we see the tech world merging with the medical world more and more. However, for every advantage offered by technology, there are several risks — especially when it comes to patients' rights to privacy.

Since the initial disclosure of the so-called Heartbleed security bug in April, hundreds of websites, from commercial sites to governmental ones, have been affected by what experts have called one of the most catastrophic security flaws in the history of the Internet.

The Heartbleed issue was introduced when the Heartbeat Extension was added to OpenSSL (Open Secure Sockets Layer) in March 2012, and the OpenSSL developers failed to notice a flaw that allowed the requesting side of a connection to receive more data than it was actually entitled to access.
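To make the flaw concrete, here is an added, constructed example (not OpenSSL's code) of a simplified heartbeat record handler in the shape RFC 6520 describes: the requester states a payload length, the handler echoes that many bytes back. The unchecked version trusts the stated length without comparing it to the number of bytes that actually arrived; the checked version adds the single comparison that closes the hole. The "secret" placed after the request in memory, the arena layout and the function names are all constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified heartbeat record (constructed, after RFC 6520):
 *   1 byte type, 2-byte big-endian payload_length, payload, >= 16 bytes padding.
 * payload_length is chosen by the requester; rec_len is what actually arrived. */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_PADDING = 16, HB_HEADER = 3 };

/* Buggy handler: copies payload_length bytes starting at the payload without
 * confirming the record is that long, so the copy runs past the record into
 * whatever memory happens to follow it. Returns bytes written, or -1. */
int hb_respond_unchecked(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST) return -1;
    size_t plen = ((size_t)rec[1] << 8) | rec[2];        /* requester-controlled */
    if (HB_HEADER + plen + HB_PADDING > out_cap) return -1; /* guards only the output */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, plen);       /* over-read happens here */
    memset(out + HB_HEADER + plen, 0, HB_PADDING);
    return (int)(HB_HEADER + plen + HB_PADDING);
}

/* Hardened handler: the stated payload length is honoured only if the record
 * really carries that many payload bytes plus the mandatory padding. */
int hb_respond_checked(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST) return -1;
    size_t plen = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + plen + HB_PADDING > rec_len) return -1; /* the missing check */
    if (HB_HEADER + plen + HB_PADDING > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, plen);
    memset(out + HB_HEADER + plen, 0, HB_PADDING);
    return (int)(HB_HEADER + plen + HB_PADDING);
}

/* Demonstration arena: a short request followed in memory by a constructed
 * "secret" unrelated to the heartbeat. In a real process that position could
 * hold keys or other peers' data; here it is a buffer we own, so the over-read
 * stays inside our arena. */
static uint8_t arena[64];
static const char secret[] = "CONSTRUCTED-SECRET";

/* Builds a request claiming `claimed` payload bytes but carrying only `actual`,
 * places the secret right after the record, and returns the true record length. */
size_t build_request(uint16_t claimed, size_t actual)
{
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memset(arena + HB_HEADER, 'A', actual);               /* payload */
    memset(arena + HB_HEADER + actual, 'p', HB_PADDING);  /* padding */
    size_t rec_len = HB_HEADER + actual + HB_PADDING;
    memcpy(arena + rec_len, secret, sizeof secret);       /* adjacent memory */
    return rec_len;
}

/* Returns 1 if the response body contains the secret, i.e. memory beyond the
 * record was disclosed to the requester. */
int response_leaks_secret(const uint8_t *out, int out_len)
{
    if (out_len <= 0) return 0;
    for (size_t i = HB_HEADER; i + sizeof secret - 1 <= (size_t)out_len; i++)
        if (memcmp(out + i, secret, sizeof secret - 1) == 0) return 1;
    return 0;
}

int main(void)
{
    uint8_t out[128];
    size_t n = build_request(40, 4);   /* claims 40 bytes, sends 4 */
    int len = hb_respond_unchecked(arena, n, out, sizeof out);
    printf("unchecked: %d bytes, leaks secret: %d\n", len, response_leaks_secret(out, len));
    len = hb_respond_checked(arena, n, out, sizeof out);
    printf("checked:   %d (request rejected)\n", len);
    return 0;
}
```

The point for defenders is how small the fix is: one comparison of the claimed length against the bytes actually received. Any length-prefixed protocol parser deserves the same check, and a reviewer reading `memcpy` with an attacker-supplied length should ask where that length was validated against the real buffer.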

Called "Heartbleed" because of the "hole" in the flawed code that enabled hackers to get into otherwise secure servers, the bug wasn't noticed until April 2014, when both Google's security team and the Finnish cybersecurity company Codenomicon discovered it within days of each other. Codenomicon quickly took to spreading information about the bug and even created the now-famous logo and information webpage for it.

Most sites have taken measures to patch the bug in OpenSSL to prevent its exploitation, but some are still vulnerable, and the level of concern for companies running servers that handle personal financial and medical data is still high. In fact, the FBI warned healthcare providers and healthcare IT companies earlier this month about what they deemed one of the largest attacks using the Heartbleed exploit since its discovery.

In a report filed at the Securities and Exchange Commission on Aug. 18, Community Health Systems Inc. stated they had records for 4.5 million individuals, including names, addresses, birth dates and Social Security numbers, stolen from their database. As the 8-K they filed with the SEC explained, "the attacker was able to bypass security measures and successfully copy and transfer certain data outside [CHS]."

Luckily, CHS also noted that "in this instance the data transferred was nonmedical patient identification," but despite the fact that no credit card or medical information was taken, it has rattled the healthcare industry, particularly those in the IT sector.

There is legislation on the books that aims to protect against breaches such as Heartbleed. There are also persistent questions about the effectiveness of legislation that already exists, such as the Health Insurance Portability and Accountability Act (HIPAA), signed into law by Bill Clinton in 1996. The law has since been amended to further stipulate how healthcare companies (and the tech specialists with whom they contract) should build and maintain compliant systems and respond to security risks as they arise.

With the growing number of personal mobile apps that collect and store user medical data, all in the name of convenience for both patients and their treating doctors, healthcare officials, tech developers and patients all need to be cautious.

"Health apps are expanding at a rapid rate, so quickly that the FDA, despite its best intentions and efforts, has been unable to regulate each new app before it hits the market," says Tim Cannon of HealthITJobs.com. "Instead, their focus is on those medical apps that could cause serious harm to users, such as apps that contain misleading health information. Smartphone users should be wary of inputting medical information within any app that has not been reviewed by federal regulatory bodies for HIPAA compliance."

Thanks to the renewed push to protect sensitive information that the Heartbleed scandal has created, the federal government is now helping create a more secure cloud computing environment by developing the Federal Risk and Authorization Management Program, or FedRAMP.

FedRAMP is a joint project between government agencies and companies from the private sector that assesses and catalogs prescreened cloud service providers based on numerous rounds of questioning, testing and other assessments by both FedRAMP and third parties. These third-party assessment organizations, or 3PAOs, also have to go through an equally rigorous application process.

Although measures are being taken now to address the severity of the Heartbleed vulnerability, it's disconcerting to think that so many companies had so much faith in security certificates which proved to be fallible.

It's imperative that companies, in keeping with the amended legislation, have not only the insight to identify potential sources of leaks in systems they trust, but that they also have the flexibility and creativity to respond promptly — ideally before millions of patients have been affected.