This week an internet security vulnerability named Heartbleed was discovered that allowed unencrypted data in server memory to be accessed without detection. Heartbleed was caused by a bug in certain versions of OpenSSL, a popular piece of data encryption software installed on web servers across the world.

Through a thorough analysis of our production systems by our data center partner, we can confidently inform all US based customers that RevolutionEHR, RevolutionPHR and MyRev data was NOT exposed by the Heartbleed vulnerability at any time. In more technical terms, our US based server access flows through a load balancer that was not vulnerable to this exploit, and therefore RevolutionEHR and RevolutionPHR data was not at risk for undetected access.  Our MyRev server is using a version of OpenSSL that was not compromised.

Our Canadian based servers were recently running the version of OpenSSL that exposed the Heartbleed vulnerability. Our data center has patched OpenSSL on these servers and as a safeguard we are requiring that all Canadian customers change their passwords.

If you have questions about the Heartbleed vulnerability and its affect on RevolutionEHR data, please contact Customer Support.