How does Heartbleed affect you?
The span of the bug is staggering. If a site is vulnerable, sensitive information like passwords and encryption keys could be stolen. To put it simply, the entire server and its data could be compromised. If the site stores protected health information (PHI), then the consequences for a data breach are severe and dictated by government regulation.
So what can you do to stop the Heartbleed?
First, determine which of your favorite sites are vulnerable. There are some online tools that allow for some measure of independent checking, for example you can enter an address here and get a quick confirmation. If you haven’t seen any announcements from a particular site, you may also want to reach out to them and confirm. Once you determine a particular site has been patched, you should assume your current password has been compromised and go ahead and change it. If you’re a medical professional, we urge you to reach out to the websites you use, especially for charge capture, electronic health records, and other patient data, to get a definitive answer on each website’s security status regarding Heartbleed. If you’re a patient, you may want to reach out to your provider to make sure that they have confirmed your security through the websites that they use.
When news broke about this bug, we at pMD set out to determine our exposure. We quickly confirmed that we were using a more mature version of the affected software (OpenSSL), which the bug did not affect. At first this felt fortunate, and on reflection it validated some of the core principles of engineering at pMD. Although we pride ourselves in being innovative with features and making our users' lives easier, when it comes to security and its infrastructure, we are much more conservative. We only adopt the latest technology that has proven security. Owning and operating our own servers without any outsourcing gives us full control on implementing this philosophy. The data we’re entrusted to keep and protect ranges from patient records, charge capture, and secure messages, and in this case, our engineering philosophy helped ensure the security of our customers' and their patients’ precious data from one of the most catastrophic bugs to hit the internet.
You can learn more about Heartbleed here