The Heartbleed bug exposes websites that use Open SSL encryption software to malicious attacks that can compromise personal data.
UCSF’s IT teams are working to patch software and replace SSL certificates on all systems vulnerable to the Heartbleed bug. You should not reset any passwords on UCSF systems until requested. A helpful article on affected non-UCSF websites can be found at: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
The Heartbleed bug was discovered on Monday, April 7, 2014. Additionally, IT is auditing and patching UCSF systems that are vulnerable to the Heartbleed bug. NOT ALL UCSF systems are affected by this vulnerability.
Steps To Take:
- Change your password promptly when notified by IT. Remember that UCSF IT will never ask you to provide your password through email
- Use caution when visiting a website. If you want to check the potential vulnerability of a non-UCSF site, you can scan its certificate using: https://sslanalyzer.comodoca.com/
Additional Resources: IT has confirmed the following partial list of UCSF sites that are NOT vulnerable to the Heartbleed bug:
- UCSF MyChart (https://ucsfmychart.ucsfmedicalcenter.org)
- Mail@UCSF (https://mail.ucsf.edu)
- MyAccess (https://myaccess.ucsf.edu)
- "Heartbleed What You Need To Know" Library Blog Post (https://blogs.library.ucsf.edu/mobilized/2014/04/16/heartbleed-what-you-need-to-know/)