By now you have probably heard the buzz around a security risk called Heartbleed that has been identified as part of the OpenSSL cryptographic software. The Heartbleed bug compromises the secret keys used to identify service providers and encrypt traffic when connecting over the Internet. If a computer system uses the vulnerable version of OpenSSL, then attackers could steal data and impersonate services and users.
At PDHI, we take security very seriously and will continue to protect our clients’ data using the highest security standards. We have taken the following steps to address issues raised by Heartbleed.
- We reviewed all of the systems responsible for maintaining client information and confirmed that we do not use OpenSSL in any of our environments and therefore are not impacted by the Heartbleed bug.
- We reached out to all clients and partners who connect to PDHI servers directly for the purposes of single sign-on (SSO) or bulk data transfer (FTP). Where the client or partner server may have been compromised by Heartbleed, we have issued new security credentials.
For further information on the Heartbleed bug, we recommend the following resources: