blogheader-bg.jpg

Epiphany Healthcare Blog

Epiphany's Cardio Server Not Directly Affected by "Heartbleed Bug"

Posted by Allison Fawber on April 15, 2014 at 10:13 AM
A security issue called the "Heartbleed Bug" has affected many internetHeartbleed Bug services last week. It was announced last Tuesday that a vulnerability in OpenSSL, a widely-used cryptography software library, could allow attackers to view snippets of the memory content of web servers.

Our team has reviewed our exposure and our installations of Cardio Server are NOT directly susceptible to this vulnerability. The OpenSSL library is not a part of Microsoft's IIS server on which Cardio Server runs. Therefore, Cardio Server is not directly threatened by the vulnerability.

However, there may be vulnerable machines in the path leading to Cardio Server. Epiphany is available to work with you to ensure that your PHI is protected and help solve any other issues outside of Cardio Server that may impact our system.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://heartbleed.com/
https://www.openssl.org/news/secadv_20140407.txt
http://www.troyhunt.com/2014/04/everything-you-need-to-know-about.html

Topics: heartbleed bug, SSL, OpenSSL, Cardio Server security

Posts by Tag

see all

Follow Us: