Crosscare Security Incident Updates

Status Update - 2nd Nov 2022

We are pleased to announce that we have reached a key milestone in our technical restoration of Crosscare and are able to share further details on the timeline and next steps. Part of this requires action on your part regarding your Citrix Accounts – the details are below.

We are working with a pilot customer who will be testing the restored application with us between now and the end of November. Providing this testing is successful, and no unexpected or complex issues that require further remediation arise, we aim to restore full service to all Crosscare customers on or shortly before the 6 December 2022. 

To be ready for your restoration you will need to request new Citrix accounts to be set up as per the instructions below.  We will contact you directly when your application is available again. If complications arise in pilot customer testing, we will reach out as soon as possible with any anticipated delays in the timeline.

How to request your new Citrix accounts

As part of the technical restoration work, your Crosscare application will be moved into a new Citrix environment. Existing Citrix accounts will not be carried across, and therefore we need to verify with each customer the Citrix accounts they will require . All individual Crosscare users will need to have their own, named Citrix account. To ensure your application access is restored within the above proposed timelines, it is important you raise a single Support request for [YOUR COMPANY NAME] via the Customer Support Portal, titled “Crosscare Citrix Account Request” and provide all required accounts in the following format before the end of November 2022.  The email address for each account must be business accounts and use your business email extension [@companyname.co.uk].

Please request all required accounts via a single Support case and contact to avoid delayed communication and/or confusion.

Users will receive their new Citrix username and password via email at the point of your system being brought back online.


 

Status Update - 13th Oct 2022

The first priority for Crosscare customers has been to make clinical data available in the form of a data extract. This process is now ready, and customers can request their data by submitting a ticket to the Customer Support Team. Requests will be worked through as quickly as possible by the support team, with the data extract being supplied through a secure process once generated.

A plan is in place regarding the recovery of service for Crosscare customers, and technical actions to implement this are underway. We will continue to provide updates on the recovery status via the Crosscare section on our Cyber Incident website.


 

Status Update - 29th Sept 2022

We are finalizing preparations for data extraction for hosted Crosscare customers and will be sure to communicate our plan to provide customers with their data as soon as we are able.


 

Status Update - 2nd Sept 2022

We currently anticipate data to be available for hosted Crosscare customers in the next two to three weeks. We appreciate that this information may present further operational challenges to you. 

We are working to confirm the best level of data we can extract for you and will share these details with you as soon as we can.  We expect to be able to provide Patient Data, Clinical Data, Drug History, Appointments, Organisations and Users.  We will write to you separately early next week with a firmer timeline and with details of how you can securely request your data and how we will securely deliver this to you. 

The structure of the Crosscare database is not in a format that is usable without the application or running an extract utility that creates a readable format. Therefore, the database itself or a backup of it is not usable to customers without the translation.  We are currently working on providing this to Crosscare customers.


 

Status Update - 25th Aug 2022

As you know, Advanced has recently been responding to a cyberattack which impacted our hosted Crosscare product. Our non-hosted (on-premise) customers were not impacted.

As we have been moving through our recovery process, we have been assessing our ability to restore and provide reconnection to Crosscare. Due to a number of factors, this has been more complex than we initially anticipated.

For hosted Crosscare customers, we envisage that contingency measures could be required for a further eight to twelve weeks. 

Below, we provide more clarity about accessing your data whilst operating under contingency measures.

We understand that this timeline for restoration of your service is not ideal. We take our responsibility to you very seriously and we regret and empathise with the disruption you have faced.

Restoration & Data

We currently anticipate data to be available for hosted Crosscare customers in the next two to three weeks. We appreciate that this information may present further operational challenges to you. 

We are working to confirm the best level of data we can extract for you and will share these details with you as soon as we can.  We expect to be able to provide Patient Data, Clinical Data, Drug History, Appointments, Organisations and Users.  We will write to you separately early next week with a firmer timeline and with details of how you can securely request your data and how we will securely deliver this to you. 

We’d like to sincerely thank you for the patience and understanding you’ve shown us since we started responding to this cyber-attack.

We will continue to keep the Crosscare section of our Cyber Incident Website updated.  If you have any further questions or would like to discuss your situation, please contact your Account Manager.


 

Status Update - 19th Aug 2022

For our Crosscare customers we are still working through our technical assessment to determine the next steps towards recovery.

While our recovery work progresses, we thank customers for continuing to implement their contingency measures. We will provide regular, service-specific updates on our website portal as our efforts progress, and hope to be in a position to provide more concrete news on timelines by the end of next week. 

Forensic Investigation

Our forensic investigation is progressing in line with our timeline and plan. We are now building a much clearer picture of the incident’s root-cause and will soon be in a position to confirm and share Indicators of Compromise (IOCs) with customers on request. In parallel, our third-party experts are well advanced in their investigation into any potential data impact as a result of the incident. We will update customers as appropriate and comply with any applicable notification obligations.

We recognise that this has been a challenging time for our customers, and we appreciate your patience and understanding as we work to recover from this attack. We continue to prioritise the safety and security in all of our decision making and are approaching this restoration process with diligence and rigour.


 

Status Update - 15th Aug 2022

We have continued to work over the weekend and today on our forensic investigation into Crosscare infrastructure and we will be providing updates as we learn more. As a reminder, to help all customers feel confident in reconnecting to our products once service is restored, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service. For Crosscare customers we envisage contingency measures will be required for at least a further three to four weeks.


 

Status Update - 12nd Aug 2022

For Crosscare customers we envisage contingency measures will be required for at least a further three to four weeks.

Our forensic investigation into Crosscare infrastructure is ongoing and we will be providing updates as we learn more. As a reminder, to help all customers feel confident in reconnecting to our products once service is restored, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service.


 

Status Update - 11th Aug 2022

Our forensic investigation into Crosscare infrastructure is ongoing and we will be providing updates as we learn more. As a reminder, to help all customers feel confident in reconnecting to our products once service is restored, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service.

For Crosscare customers we envisage contingency measures will be required for at least a further three to four weeks.

If you do have any specific questions please contact Advanced in the regular way either via your Account Manager or Support Team.