Thank you for your continued patience as we work to restore the remaining Staffplan interfaces. Please see below for the latest update:
iConnect
We expect to complete the external penetration test of the iConnect solution by 10th February, following which we anticipate being able to commence live testing with the first customer site. A further update will be provided on 3rd February.
Thank you for your continued patience as we work to restore the remaining Staffplan interfaces. Please see below for the latest update:
iConnect
The build of the iConnect service is progressing well and we are entering into the final stage of external penetration testing. Unfortunately, we have encountered a small delay in this activity, and this could have an impact on the Pilot being completed by the end of January. A further update will be provided by 27th January.
Interface to Birdie
The restoration of this interface is dependent on the restoration of the Exchange Service, which will take place after iConnect restoration is completed. Please see the update on iConnect above.
Interface to CM2000
The restoration of this interface is dependent on the restoration of the Exchange Service, which will take place after iConnect restoration is completed. Please see the update on iConnect above.
Interface to EveryLIFE PASS
If you are a user of this interface you should have received a letter from us which details the current situation. Please contact your account manager if you have not received a copy.
Thank you for your continued patience as we work to restore the remaining Staffplan interfaces. Please see below for the latest update:
iConnect
The new design for the service has been ratified and approved by our security experts. The build of the service is progressing well and we are currently anticipating that the first live test with a pilot customer will commence before the end of January with other customers being enabled shortly afterwards. A further update will be provided by 20th January.
Interface to EveryLIFE PASS
If you are a user of this interface you should have received a letter from us which details the current situation. Please contact your account manager if you have not received a copy.
Interface to Birdie
The restoration of this interface is dependent on the Exchange Service. Please see the update on iConnect above. It is expected that this service will be restored after iConnect and we will provide a further update by 20th January.
Interface to CM2000
The restoration of this interface is dependent on the Exchange Service. Please see the update on iConnect above. It is expected that this service will be restored after iConnect and we will provide a further update by 20th January.
Thank you for your continued patience as we work to restore the remaining Staffplan interfaces. Please see below for the latest update:
iConnect
We have been experiencing technical challenges in restoring one component of this solution (Exchange Service) in line with our enhanced security model. In order to remove this dependency, our security team are currently assessing a new design for this service. Once the design has been ratified, we will be able to complete the restoration of iConnect. Our current expectation is that iConnect will be restored before the end of January and we will provide a further update before 13th January 2023.
Interface to EveryLIFE PASS
If you are a user of this interface you should have received a letter from us which details the current situation. Please contact your account manager if you have not received a copy.
Interface to Birdie
The restoration of this interface is dependent on the Exchange Service. Please see the update on iConnect above. It is expected that this service will be restored after iConnect and we will provide a further update by 20th January.
Interface to CM2000
The restoration of this interface is dependent on the Exchange Service. Please see the update on iConnect above. It is expected that this service will be restored after iConnect and we will provide a further update by 20th January.
For hosted Staffplan customers, data extractions continue to be available upon request, where possible. The build of a minimum viable product (MVP) is progressing as planned against our 30 September goal, and we have engaged with our first pilot customers to prepare them for being brought back online. Once the MVP is ready and has been tested with these pilot customers, we will begin restoring all customer access in a phased approach and utilising a queue-based system to accomplish this. Over the course of the next two weeks, we will be calling customers individually to provide them with a specific timeline for restoration of their MVP. Our goal is to have all customers on an MVP by early November. We are working toward providing the following functionality, as part of the MVP delivery:
We anticipate a full Staffplan system recovery to be completed by the end of 2022. We are also continuing to seek out options for making additional data available to customers and will provide further updates via the Staffplan section of our Cyber Incident website. If you haven’t already requested and received your data, you can do so by submitting a ticket to the Customer Support Team.
We recognise that this has been an incredibly frustrating period for you and all our Staffplan customers, and for that we want to sincerely apologise.
Due to additional complexities uncovered by our forensic experts, much of the hardware needed to rebuild Staffplan has had to remain under investigation for longer than we anticipated. This has been necessary for us to fully understand what has happened so that when we rebuild the system in a new, clean environment, it is brought online in a secure state, and our customers can feel confident that it is safe and reliable.
Our dedicated team of Infrastructure and Security engineers and Database Analysts – supported by teams of external recovery experts – has also been developing our go-forward plan. They have now started working through a four-month programme to fully rebuild and reconfigure the Staffplan environment, starting first with the delivery of a Staffplan Minimum Viable Product for you to use, and then adding additional features and functionality thereafter.
Based on our current understanding, we anticipate having a Staffplan Minimum Viable Product (i.e. File Servers, SQL, Backups and Citrix) operational by 30 September. Our aim is that subsequent phases, including mapping to our customers environments and returning Staffplan to full restoration will be completed by the end of 2022.
We are moving through the investigative and hardening process as quickly as possible, and in parallel have also been working to define a high-level plan for restoring each customer. That way, once we are ready to bring the rebuilt Staffplan product online, we have an organised process in place to follow for restoring each customer’s service. We will connect with each customer individually on prioritisation criteria.
In the interim, we have also been working to ensure that all of our Staffplan customers are able to access their data. Data is available up to the date of our last backup on 3 August – the day before the cyber-attack occurred. If you have not already requested and received your data, you can do so by submitting a ticket to your Customer Support Team.
We would like to again thank you for your patience and hope that this update provides a level of confidence as we continue our recovery.
Additional data extracts have been written to provide:
These scripts have been run and the data exports provided to most customers.
Further scripts are being worked upon on a case by case basis - Please note - Some data requests cannot be provided as they are dependent upon a working version of Staffplan Roster rather than just access to the database.
Our system recovery plan will be available for sharing early next week.
As you know, Advanced has recently been responding to a cyber-attack which impacted our hosted Staffplan product. Our non-hosted (on-premise) customers were not impacted.
As we have been moving through our recovery process, we have been assessing our ability to restore and provide reconnection to Staffplan. Due to a number of factors, this has been more complex than we initially anticipated.
For hosted Staffplan customers, we envisage that contingency measures could be required for a further four to six weeks.
Below, we provide more clarity about accessing your data whilst operating under contingency measures.
We understand that this timeline for restoration of your service is not ideal. We take our responsibility to you very seriously and we regret and empathise with the disruption you have faced.
Restoration & Data
For our Staffplan customers, we have been able to make data extracts available to assist organisations in their day-to-day operations. Data available now includes care worker details, service user details, care roster information, service user contacts and service use schedules. We will continue to seek additional ways for how we can make further data available to customers, and will provide further updates via the Staffplan section of the Cyber Incident Website. If you haven’t already requested and received your data, you can do so by submitting a ticket to your Team Customer Support Team.
We’d like to sincerely thank you for the patience and understanding you’ve shown us since we started responding to this cyber-attack.
We will continue to keep the Staffplan section of our Cyber Incident Website updated. If you have any further questions or would like to discuss your situation, please contact your Account Manager.
For Staffplan customers we have been able to make data extracts available to assist organisations in their day-to-day operations. Data available now includes care worker details, service user details, carer roster information, service user contacts, and service user schedules. These datasets can be obtained by submitting a ticket to your Customer Support Team. We continue to seek additional workarounds for how we can make this data available to customers, and will provide updates via our website as usual.
While our recovery work progresses, we thank customers for continuing to implement their contingency measures. We will provide regular, service-specific updates on our website portal as our efforts progress, and hope to be in a position to provide more concrete news on timelines by the end of next week.
Forensic Investigation
Our forensic investigation is progressing in line with our timeline and plan. We are now building a much clearer picture of the incident’s root-cause and will soon be in a position to confirm and share Indicators of Compromise (IOCs) with customers on request. In parallel, our third-party experts are well advanced in their investigation into any potential data impact as a result of the incident. We will update customers as appropriate and comply with any applicable notification obligations.
We recognise that this has been a challenging time for our customers, and we appreciate your patience and understanding as we work to recover from this attack. We continue to prioritise the safety and security in all of our decision making and are approaching this restoration process with diligence and rigour.
We have continued to work over the weekend and today to recover data for customers and are sharing this as it becomes available and as it is requested. Please use the Customer Support Portal and follow the instructions we have emailed out via NoReply@oneadvanced.com to request your data. This will enable us to ensure that your data is provided safely and in the most appropriate format.
If you have not received an email indicating that your data is available, please log a case with our Customer Support team and we will be in contact with you. Additionally, we are making good progress in building scripts to extract data to support payroll and invoicing following an initial review of our plans with customers. If you have any specific requirements around payroll and invoicing, could you please use the Customer Support Portal to log these with us.
Please rest assured that our team is working through the data access requests as quickly as possible and will continue to do so until we have provided data to all Staffplan customers.
In parallel to our efforts to provide our customers with data access, we are working alongside Mandiant and Microsoft DART teams as part of our Staffplan restoration plan.
For Staffplan customers we envisage contingency measures will be required for at least a further three to four weeks.
We continue to recover data for customers and are sharing this as it becomes available and as it is requested. Please use the Customer Support Portal and follow the instructions we have emailed out via NoReply@oneadvanced.com to request your data. If you have not received an email indicating that your data is available, please log a case with our Customer Support team and we will be in contact with you. Additionally, we are making good progress in building scripts to extract data to support payroll and invoicing, however if you have any specific requirements around payroll and invoicing, could you please use the Customer Support Portal to log these with us.
Please rest assured that our team is working through the data access requests as quickly as possible and will continue to do so until we have provided data to all Staffplan customers.
In parallel to our efforts provide our customers with data access, we are continuing to develop our plans for the full restoration of Staffplan.
For Staffplan customers we envisage contingency measures will be required for at least a further three to four weeks.
We have made progress in Staffplan’s restoration effort and have enabled database access for our Support staff in order to provide customers with data extracts to assist with contingency measures – around two-thirds of our Staffplan customers have received data. Customers would have received an email detailing how to request their data from NoReply@oneadvanced.com - please follow these instructions. By following the instructions your data will be provided to you via a secure domain and not by email. We anticipate being able to access data for our remaining Staffplan customers in the next 1-2 days. We have communicated directly with those customers whose databases are available, and we will follow-up with additional customers as their data becomes available.
In parallel we have conducted database extraction tests with our customers and refined the process by which we will provide customers with their data based on the feedback we have received. We appreciate the time taken by those involved.
Please rest assured that our team is working through the data access requests as quickly as possible and will continue to do so until we have provided database access to all Staffplan customers.
With regards to the restoration of your services, a discovery phase has commenced. For Staffplan customers we envisage contingency measures will be required for at least a further three to four weeks.
If you do have any specific questions please contact Advanced in the regular way either via your Account Manager or Support Team.