Customer Security and CVE-2014-0160 / Heartbleed
As you may have heard, a critical security bug was discovered on April 7 called CVE-2014-0160 also called “Heartbleed.” The bug is a vulnerability in the popular OpenSSL cryptographic software library, which is used to encrypt and secure the internet. Most people come into contact with OpenSSL through the green https icon in their browser which you see when you browse a secure website.
When you browse and use a website with the green https icon, all your communication between you and the server is encrypted, so sensitive information like usernames, passwords and patient information is safely transferred.
Jasmine Practice Management is built on top of 2 software stacks, Salesforce and Heroku. Salesforce is the application platform which the practitioner uses to take and store patient treatment notes. And, Heroku is the platform for integration with Google apps and the patient self scheduling widget, in addition to the Jasmine website.
Salesforce
Salesforce reports that they are NOT affected by the “Heartbleed” vulnerability, so we and you can be assured that your patient treatment notes are stored securely. Here is the official Salesforce statement:
OpenSSL Project “Heartbleed” Vulnerability Does *Not* Affect Salesforce:
Heroku
On the Heroku side, which manages the Jasmine integrations and website, steps were taken to address the “Heartbleed” vulnerability. Heroku updated all their OpenSSL libraries, SSL Endpoints, and databases. Here is the official Heroku statement:
OpenSSL Heartbleed Security Update:
In turn, for Jasmine Practice Management, we’ve followed their recommendations and updated our passwords and SSL certificates.
Summary
While I’m confident, with the current knowledge we have of the situation, we have addressed the “Heartbleed” vulnerability, we continue to monitor the situation with our partners and application providers.
Thank you for your patience in this matter. As always feel free to reach out to me at contact@jasminepm.com.
Minto Tsai
Founder
