Caresys Security Incident Updates

Status Update - 29th Sept 2022

Our recovery work for Caresys customers continues to progress. Presently, you can request your data by raising a Service Request on our Customer Portal, following instructions you have been sent. The data extracts currently available provide the following:

  • Client Billing Information
  • Roles and Rates (Staff)
  • Clients by Funder
  • Transactions
  • Recent Invoices
  • Care Worker Listing
  • Service User Listing
  • Service User Contacts
  • Care Needs
  • Risk Plans

If you require any additional data, please raise a second case, and describe the additional details you require.

 

Status Update - 22nd Sept 2022

Data extracts are now available for Caresys customers to assist in their day-to-day operations. Data available now includes: 

  • Client billing information
  • Roles and Rates (Staff)
  • Clients by Funder
  • Transactions
  • Recent Invoices
  • Care Worker Listing
  • Service User Listing
  • Service User Contacts
  • Care Needs
  • Risk Plans

These datasets can be obtained by submitting a ticket to your Customer Support Team

While our recovery work progresses, we thank customers for continuing to implement their contingency measures. We will provide regular, service-specific updates on our website portal as our efforts progress.

 

Status Update - 2nd Sept 2022

For our Caresys customers, data extract availability is our priority and we currently anticipate further data to be available for hosted Caresys customers within the next one to two weeks.

The data we expect to be able to make available to you is Resident Data; Care Needs; System User Details; Accident & Incident Information; Periodic Billing Information. We will write to you separately early next week with a firmer timeline and with details of how you can securely request your data and how we will securely deliver this to you.

 

Status Update - 25th Aug 2022

As you know, Advanced has recently been responding to a cyberattack which impacted our hosted Caresys product. Our non-hosted (on-premise) customers were not impacted.

As we have been moving through our recovery process, we have been assessing our ability to restore and provide reconnection to Caresys. Due to a number of factors, this has been more complex than we initially anticipated.

For hosted Caresys customers, we envisage that contingency measures could be required for a further six to eight weeks. 

Below, we provide more clarity about accessing your data whilst operating under contingency measures.

We understand that this timeline for restoration of your service is not ideal. We take our responsibility to you very seriously and we regret and empathise with the disruption you have faced.

Restoration & Data

For our Caresys customers, we currently anticipate further data to be available for hosted Caresys customers within the next two weeks.

The data we expect to make available to you is Resident Data; Care Needs; System User Details; Accident & Incident Information; Periodic Billing Information. We will write to you separately early next week with a firmer timeline and with details of how you can securely request your data and how we will securely deliver this to you.

We’d like to sincerely thank you for the patience and understanding you’ve shown us since we started responding to this cyber-attack.

We will continue to keep the Caresys section of our Cyber Incident Website updated.  If you have any further questions or would like to discuss your situation, please contact your Account Manager.

 

Status Update - 19th Aug 2022

For our Caresys customers we are still working through our technical assessment to determine the next steps towards recovery.

While our recovery work progresses, we thank customers for continuing to implement their contingency measures. We will provide regular, service-specific updates on our website portal as our efforts progress, and hope to be in a position to provide more concrete news on timelines by the end of next week. 

Forensic Investigation

Our forensic investigation is progressing in line with our timeline and plan. We are now building a much clearer picture of the incident’s root-cause and will soon be in a position to confirm and share Indicators of Compromise (IOCs) with customers on request. In parallel, our third-party experts are well advanced in their investigation into any potential data impact as a result of the incident. We will update customers as appropriate and comply with any applicable notification obligations.

We recognise that this has been a challenging time for our customers, and we appreciate your patience and understanding as we work to recover from this attack. We continue to prioritise the safety and security in all of our decision making and are approaching this restoration process with diligence and rigour. 

 

Status Update - 15th Aug 2022

We have continued to work over the weekend and today on our forensic investigation into Caresys infrastructure and we will be providing updates as we learn more. As a reminder, to help all customers feel confident in reconnecting to our products once service is restored, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service. For Caresys customers we envisage contingency measures will be required for at least a further three to four weeks.

 

Status Update - 12nd Aug 2022

For Caresys customers we envisage contingency measures will be required for at least a further three to four weeks.

Our forensic investigation into Caresys infrastructure is ongoing and we will be providing updates as we learn more. As a reminder, to help all customers feel confident in reconnecting to our products once service is restored, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service.

 

Status Update - 11th Aug 2022

Our forensic investigation into Caresys infrastructure is ongoing and we will be providing updates as we learn more. As a reminder, to help all customers feel confident in reconnecting to our products once service is restored, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service.

For Caresys customers we envisage contingency measures will be required for at least a further three to four weeks.

If you do have any specific questions please contact Advanced in the regular way either via your Account Manager or Support Team.