It was revealed last week that a flaw was discovered in some versions of security encryption code used by millions of websites around the world. The coding error, now commonly referred to as the "Heartbleed bug", was part of the ubiquitous OpenSSL architecture used by businesses and financial institutions all over the world to encrypt their data and keep it safe. Heartbleed would potentially allow hackers, who were aware of this vulnerability, access to the encryption keys used by an affected website. With that information they could theoretically mimic the site or be able to decrypt sensitive data sent to and from that site. Furthermore, this type of attack is completely undetectable, so companies with affected versions of this system have no way of knowing if their server keys have been compromised.
WorkersCompensation.com has reviewed the OpenSSL versions on all of its servers, and has determined that none of our domain properties carried a version containing the Heartbleed bug. User accounts and data handled by workerscompensation.com, workcompresearch.com, flashformssl.com and compevent.com were not exposed by this coding error. Additionally, the partner website workcompanalysisgroup.com was not affected. However, out of an abundance of caution, the company will be re-keying all of its SSL certificates and continue the review of its security encryption software.
WorkCompResearch subscribers will be advised when this process is complete, and will be able to change their passwords if they so choose. Even though company systems were not compromised in this particular situation, it is recognized that many users employ common passwords across multiple sites. Usernames and passwords compromised elsewhere may still provide a risk to subscribers within WorkersCompensation.com systems.