By now you’ve likely heard about the Heartbleed bug, the browser security vulnerability affecting online services and accounts worldwide. We wanted to provide an update you so you have clear information about the security and reliability of SimpleLTC’s long-term care software products.
What is the Heartbleed bug?
Heartbleed is a serious vulnerability in a popular piece of security software called OpenSSL that is used by over two-thirds of sites on the Internet.
Typically, when you visit a secure website (like an online shopping site or your bank’s website), your web browser uses high-strength encryption to ensure no one can read your sensitive data or get access to your credit card number or banking information online. The same technology that protects that information is used by SimpleLTC to safeguard electronic protected health information (ePHI) when you access our software.
The Heartbleed bug allows anyone on the Internet to read the memory of a vulnerable server and collect secret information such as usernames, passwords, or even ePHI that has been sent to the server. In the worst case, the server could actually be compromised badly enough that a hacker could access the “crown jewels”: the encryption keys used to protect secret data as it moves across the Internet. With these keys a hacker could uncover any of the secret information being sent back and forth to the server as if it were not protected at all.
What has SimpleLTC done about it?
SimpleLTC’s Security Response Team responded immediately when the vulnerability was publicly announced on April 7. After analyzing the situation, our engineers updated affected servers and reissued new encryption keys to all servers in order to ensure our users’ data remained safe and secure.
In addition, we proactively forced users to update their passwords upon the next login in order to ensure their accounts remained secure.
Is SimpleLTC software safe?
Yes. SimpleLTC has found no evidence that any customer accounts or protected health information were compromised.
What should I do?
While some vendors in the long-term care industry have updated their software to counter the Heartbleed vulnerability, it’s apparent that many have not. As an additional precaution, SimpleLTC strongly encourages our customers to contact developers of any web-based software they use to ask whether their software was affected and if they have updated their systems to protect against the vulnerability.
Thanks for your trust in SimpleLTC software. As always, please contact our customer support team if you have any questions.