Late last week, Cloudflare, a service that makes up part of drchrono’s client-facing infrastructure, disclosed that a now-resolved security vulnerability had been discovered in their system, affecting a small subset of the companies that use their services. Cloudflare has completed an extensive internal review and has concluded that drchrono and its domains were not among the companies impacted by the security breach.
In an independent investigation, the drchrono security team verified Cloudflare’s assessment and is confident that customer information has remained secure.
Security is a top priority for the drchrono team. We take a variety of measures to protect our customers and services, including using state-of-the-art encryption to protect information and performing regular security reviews of our system infrastructure. We are continually evolving our security practices, taking advantage of the best technologies and strategies to ensure secure service for our customers.
While your information was not impacted by this vulnerability, this serves as a good time to remind our customers to exercise good security practices to help protect their accounts. These include:
- Enabling two-factor authentication. Two-factor authentication adds an additional layer of security that requires you to enter a unique verification code when you log into your account. This helps protect your account even if your password is stolen. We are asking that all users turn this feature on as a best practice. To learn more, visit our guide on setting up two-factor authentication found here.
- Selecting strong and unique passwords. Good passwords are both long and random. For your drchrono account password, you should avoid using names, places, names of products or services (e.g., “medical” or “drchrono”), and any other factoids that people may know about you or that are discoverable online. You should consider using a password manager (such as LastPass, KeePass, or 1Password) to help make this practice easier.
- Rotating your password regularly. This is a best practice, and we strongly suggest that if you choose not to use two-factor authentication, you rotate your password now. This severely reduces the likelihood that your account will be affected in the event your credentials are ever stolen.