The recently announced “Heartbleed” vulnerability impacts a piece of software known as OpenSSL – a common software package used to assure the secure communication of data across the internet.
Like many organizations, Aetna has been working diligently to assess the impact of Heartbleed on our customers and information systems. To date we have determined that our core customer-serving and external facing systems are not impacted.
We have also instituted remediation plans to assure that we quickly address any vulnerable systems, should they be identified. We will take other precautions as necessary to protect customer data. In addition to assessing our own infrastructure, we are diligently evaluating third-party vendor appliances and applications that may be impacted. We will work closely with any impacted vendors to monitor remediation of the vulnerability.
We initiated these proactive steps following the announcement of this vulnerability on April 7.