How we keep your information secure:

We never store your password in plain text. Instead, the password is salted and hashed with SHA-256, which is irreversible. This is why we have to reset your password if it is lost or forgotten: even we have no way of seeing what your password is. This ensures that even in the event of a data breach, your password is safe.
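
The salt-and-hash scheme described above, sketched as an added example (this is not Lactor's own code). The 16-byte salt length, the salt-then-password ordering and all function names are assumptions, since the page states only that passwords are salted and hashed with SHA-256.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

SALT_BYTES = 16  # assumed salt length; the page does not state one


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for storage; the password itself is never kept."""
    if salt is None:
        # A fresh random salt per account means identical passwords
        # produce different stored digests.
        salt = secrets.token_bytes(SALT_BYTES)
    # Assumed construction: SHA-256 over salt || password.
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the salted hash for a login attempt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def reset_password(new_password: str) -> Tuple[bytes, bytes]:
    """A lost password cannot be read back from (salt, digest); the record
    can only be replaced with one derived from a new password."""
    return hash_password(new_password)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    salt_a, digest_a = hash_password("correct horse battery staple")
    salt_b, digest_b = hash_password("correct horse battery staple")

    print("same password, different records:", digest_a != digest_b)
    print("right password accepted:",
          verify_password("correct horse battery staple", salt_a, digest_a))
    print("wrong password rejected:",
          not verify_password("Correct horse battery staple", salt_a, digest_a))

    # After a reset the old password no longer verifies.
    salt_a, digest_a = reset_password("a new constructed passphrase")
    print("old password rejected after reset:",
          not verify_password("correct horse battery staple", salt_a, digest_a))
```

The stored record holds only the salt and the digest, which is why a forgotten password is reset rather than looked up.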

All of your information is stored on servers at Purdue's Bindley Bioscience Center. Access to these servers is restricted. They are kept in a locked room, and only necessary personnel are able to access them. Remote access to the servers is available only using pre-shared RSA encryption keys; password-only access is disallowed. All data backups from the server database are encrypted with AES 256-bit encryption to ensure no information can be gleaned from them without the password.

Your personal information within the web site is visible only to your lactation consultant and the Lactor administrative staff, who must be fully versed in HIPAA compliance before access to the system is permitted.

Information is transferred from your computer using SSL encryption only, to ensure that your interaction with Lactor cannot be intercepted by a third party. LACTOR currently receives an "A-" rating for web security from ssllabs. We are working to increase this rating to an "A".

In response to the security vulnerability in OpenSSL discovered on April 7, 2014 (detailed here), we have installed a new certificate and revoked the old server certificate in order to best keep your data safe. The server was patched within hours of the release of the vulnerability details, and to the best of our knowledge no data was stolen. However, if you logged in to Lactor on the evening of April 7, we recommend you change your password to ensure your safety.