NOTE: captureproof is not aware of any actual breaches or unauthorized access of information stored on the captureproof platform, but is taking the measures below preemptively to avoid any data breaches or unauthorized access of PHI.
On April 7th, 2014, information about a new vulnerability in the OpenSSL cryptography library was released. This library is one of the main components used to maintain security & privacy on the internet. The vulnerability (CVE-2014-0160), commonly referred to as Heartbleed, allows an attacker access to the keys used to encrypt traffic between a client & server. Heartbleed is a major risk to all service providers on the internet, including captureproof.
What captureproof is doing
Security & privacy are at the core of captureproof’s promise to its customers. We have implemented a number of security responses and continue to monitor the issue.
1. All servers have been patched to use the new, secure version of OpenSSL. captureproof systems were patched within 8 hours of the patch release, on April 7, 2014.
2. We are also working with our providers to ensure they are either unaffected or patched against Heartbleed.
3. captureproof has re-keyed and deployed new SSL certificates to all our endpoints.
4. We continue to audit our internal communication services and take appropriate measures when applicable.
5. captureproof implements two-factor authentication for all its users, mitigating the risk of stolen passwords, and implements other encryption methods throughout our application to ensure data privacy.