Crosscare Security Incident Updates

Status Update - 29th Sept 2022

We are finalizing preparations for data extraction for hosted Crosscare customers and will be sure to communicate our plan to provide customers with their data as soon as we are able.

 

Status Update - 2nd Sept 2022

We currently anticipate data to be available for hosted Crosscare customers in the next two to three weeks. We appreciate that this information may present further operational challenges to you. 

We are working to confirm the best level of data we can extract for you and will share these details with you as soon as we can.  We expect to be able to provide Patient Data, Clinical Data, Drug History, Appointments, Organisations and Users.  We will write to you separately early next week with a firmer timeline and with details of how you can securely request your data and how we will securely deliver this to you. 

The structure of the Crosscare database is not in a format that is usable without the application or running an extract utility that creates a readable format. Therefore, the database itself or a backup of it is not usable to customers without the translation.  We are currently working on providing this to Crosscare customers.

 

Status Update - 25th Aug 2022

As you know, Advanced has recently been responding to a cyberattack which impacted our hosted Crosscare product. Our non-hosted (on-premise) customers were not impacted.

As we have been moving through our recovery process, we have been assessing our ability to restore and provide reconnection to Crosscare. Due to a number of factors, this has been more complex than we initially anticipated.

For hosted Crosscare customers, we envisage that contingency measures could be required for a further eight to twelve weeks. 

Below, we provide more clarity about accessing your data whilst operating under contingency measures.

We understand that this timeline for restoration of your service is not ideal. We take our responsibility to you very seriously and we regret and empathise with the disruption you have faced.

Restoration & Data

We currently anticipate data to be available for hosted Crosscare customers in the next two to three weeks. We appreciate that this information may present further operational challenges to you. 

We are working to confirm the best level of data we can extract for you and will share these details with you as soon as we can.  We expect to be able to provide Patient Data, Clinical Data, Drug History, Appointments, Organisations and Users.  We will write to you separately early next week with a firmer timeline and with details of how you can securely request your data and how we will securely deliver this to you. 

We’d like to sincerely thank you for the patience and understanding you’ve shown us since we started responding to this cyber-attack.

We will continue to keep the Crosscare section of our Cyber Incident Website updated.  If you have any further questions or would like to discuss your situation, please contact your Account Manager.

 

Status Update - 19th Aug 2022

For our Crosscare customers we are still working through our technical assessment to determine the next steps towards recovery.

While our recovery work progresses, we thank customers for continuing to implement their contingency measures. We will provide regular, service-specific updates on our website portal as our efforts progress, and hope to be in a position to provide more concrete news on timelines by the end of next week. 

Forensic Investigation

Our forensic investigation is progressing in line with our timeline and plan. We are now building a much clearer picture of the incident’s root-cause and will soon be in a position to confirm and share Indicators of Compromise (IOCs) with customers on request. In parallel, our third-party experts are well advanced in their investigation into any potential data impact as a result of the incident. We will update customers as appropriate and comply with any applicable notification obligations.

We recognise that this has been a challenging time for our customers, and we appreciate your patience and understanding as we work to recover from this attack. We continue to prioritise the safety and security in all of our decision making and are approaching this restoration process with diligence and rigour.

 

Status Update - 15th Aug 2022

We have continued to work over the weekend and today on our forensic investigation into Crosscare infrastructure and we will be providing updates as we learn more. As a reminder, to help all customers feel confident in reconnecting to our products once service is restored, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service. For Crosscare customers we envisage contingency measures will be required for at least a further three to four weeks.

 

Status Update - 12nd Aug 2022

For Crosscare customers we envisage contingency measures will be required for at least a further three to four weeks.

Our forensic investigation into Crosscare infrastructure is ongoing and we will be providing updates as we learn more. As a reminder, to help all customers feel confident in reconnecting to our products once service is restored, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service.

 

Status Update - 11th Aug 2022

Our forensic investigation into Crosscare infrastructure is ongoing and we will be providing updates as we learn more. As a reminder, to help all customers feel confident in reconnecting to our products once service is restored, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service.

For Crosscare customers we envisage contingency measures will be required for at least a further three to four weeks.

If you do have any specific questions please contact Advanced in the regular way either via your Account Manager or Support Team.