'Heartbleed Bug' Not Affecting Vermont Health Exchange, Banks

Apr 11, 2014

Vermont’s major banks and credit unions as well as the state health care exchange report that they are safe from the Heartbleed Bug, an online security vulnerability. 

The bug was a problem with the technology that secures online traffic, protecting things such as user passwords and banking information as it passes through the Internet. A problem with Open SSL, one such security technology, made it possible for third parties to intercept this privileged information without either the sender or the recipient noticing.

The bug makes it so that emails, documents, passwords and financial information are not safe on some websites. Users can check a given site’s security here.

In Vermont, most of the major banks and services that handle sensitive information are safe. New England Federal Credit Union, Vermont Federal Credit Union and the Vermont State Employees Credit Union all report that their web-based services are safe from Heartbleed exploits.

Vermont Health Connect spokeswoman Emily Yahr said via email that the state health exchange is also safe.

“We conducted an assessment of the Vermont Health Connect environment this week and found that we do not use a version of Open SSL that is vulnerable to Heartbleed,” Yahr said. “Of course, as part of our normal protocol, we will continue to monitor and maintain the site’s security.” 

Safe Sites:

  • Vermont Health Connect
  • New England Federal Credit Union
  • Vermont Federal Credit Union
  • Vermont State Employees Credit Union
  • Small Dog Electronics, which sells Apple computers and accessories online in addition to its Vermont stores, also reports that customer data is safe.
  • Burlington Electric Department spokeswoman Mary Sullivan says the utility uses a third-party payment processing contractor, but "as of yet, we think we're all clear."
  • Green Mountain Power spokeswoman Kristin Carlson said Friday that the company has not yet experience problems and they they're "continuing to monitor" the situation. GMP also uses a third-party payment processing vendor.