Staffplan Security Incident Updates

Status Update - 29th Sept 2022

For hosted Staffplan customers, data extractions continue to be available upon request, where possible. The build of a minimum viable product (MVP) is progressing as planned against our 30 September goal, and we have engaged with our first pilot customers to prepare them for being brought back online. Once the MVP is ready and has been tested with these pilot customers, we will begin restoring all customer access in a phased approach, utilising a queue-based system to accomplish this. Over the course of the next two weeks, we will be calling customers individually to provide them with a specific timeline for restoration of their MVP. Our goal is to have all customers on an MVP by early November. We are working toward providing the following functionality as part of the MVP delivery:

  • Auto allocation
  • Automatic Expense Calculator (AEC)
  • Your bespoke reports
  • Bing Maps
  • Care Worker screen and tabs/functionality
  • Carer Reviews
  • Carer Training & Qualifications
  • Diaries
  • Emailing – Rotas and payroll
  • Express Bookings
  • GDPR module
  • Invoicing
  • Journals
  • Payroll
  • Recruitment
  • Runs/rounds
  • Schedules
  • Service User screen and all tabs/functionality
  • Standard Staffplan reports
  • Tariff Schemes
  • Wallcharts

We anticipate a full Staffplan system recovery to be completed by the end of 2022. We are also continuing to seek out options for making additional data available to customers and will provide further updates via the Staffplan section of our Cyber Incident website. If you haven’t already requested and received your data, you can do so by submitting a ticket to the Customer Support Team.


 

Status Update - 13th Sept 2022

We recognise that this has been an incredibly frustrating period for you and all our Staffplan customers, and for that we want to sincerely apologise.

Due to additional complexities uncovered by our forensic experts, much of the hardware needed to rebuild Staffplan has had to remain under investigation for longer than we anticipated. This has been necessary for us to fully understand what has happened so that when we rebuild the system in a new, clean environment, it is brought online in a secure state, and our customers can feel confident that it is safe and reliable.

Our dedicated team of Infrastructure and Security engineers and Database Analysts – supported by teams of external recovery experts – has also been developing our go-forward plan. They have now started working through a four-month programme to fully rebuild and reconfigure the Staffplan environment, starting first with the delivery of a Staffplan Minimum Viable Product for you to use, and then adding additional features and functionality thereafter.

Based on our current understanding, we anticipate having a Staffplan Minimum Viable Product (i.e. File Servers, SQL, Backups and Citrix) operational by 30 September. Our aim is that subsequent phases, including mapping to our customers' environments and returning Staffplan to full restoration, will be completed by the end of 2022.

We are moving through the investigative and hardening process as quickly as possible, and in parallel have also been working to define a high-level plan for restoring each customer. That way, once we are ready to bring the rebuilt Staffplan product online, we have an organised process in place to follow for restoring each customer’s service. We will connect with each customer individually on prioritisation criteria.

In the interim, we have also been working to ensure that all of our Staffplan customers are able to access their data. Data is available up to the date of our last backup on 3 August – the day before the cyber-attack occurred. If you have not already requested and received your data, you can do so by submitting a ticket to your Customer Support Team. 

We would like to again thank you for your patience and hope that this update provides a level of confidence as we continue our recovery.


 

Status Update - 2nd Sept 2022

Additional data extracts have been written to provide:

  • A listing of training items for care workers
  • A listing of recruitment and compliance items for care workers - e.g. DBS details
  • A listing of reviews for care workers - e.g. supervisions, annual appraisals
  • A listing of reviews for service users - e.g. service reviews, care plan reviews
  • An extract of the current Roster tariff structure
  • An extract of funder information linking to the clients they are funding

These scripts have been run and the data exports provided to most customers.

Further scripts are being worked on, on a case-by-case basis. Please note: some data requests cannot be provided as they are dependent upon a working version of Staffplan Roster rather than just access to the database.

Our system recovery plan will be available for sharing early next week.


 

Status Update - 25th Aug 2022

As you know, Advanced has recently been responding to a cyber-attack which impacted our hosted Staffplan product. Our non-hosted (on-premise) customers were not impacted.

As we have been moving through our recovery process, we have been assessing our ability to restore and provide reconnection to Staffplan. Due to a number of factors, this has been more complex than we initially anticipated.

For hosted Staffplan customers, we envisage that contingency measures could be required for a further four to six weeks.

Below, we provide more clarity about accessing your data whilst operating under contingency measures.

We understand that this timeline for restoration of your service is not ideal. We take our responsibility to you very seriously and we regret and empathise with the disruption you have faced.

Restoration & Data

For our Staffplan customers, we have been able to make data extracts available to assist organisations in their day-to-day operations. Data available now includes care worker details, service user details, care roster information, service user contacts and service use schedules. We will continue to seek additional ways to make further data available to customers, and will provide further updates via the Staffplan section of the Cyber Incident Website. If you haven’t already requested and received your data, you can do so by submitting a ticket to your Customer Support Team.

We’d like to sincerely thank you for the patience and understanding you’ve shown us since we started responding to this cyber-attack.

We will continue to keep the Staffplan section of our Cyber Incident Website updated.  If you have any further questions or would like to discuss your situation, please contact your Account Manager.


 

Status Update - 19th Aug 2022

For Staffplan customers we have been able to make data extracts available to assist organisations in their day-to-day operations. Data available now includes care worker details, service user details, carer roster information, service user contacts, and service user schedules. These datasets can be obtained by submitting a ticket to your Customer Support Team. We continue to seek additional workarounds for how we can make this data available to customers, and will provide updates via our website as usual.

While our recovery work progresses, we thank customers for continuing to implement their contingency measures. We will provide regular, service-specific updates on our website portal as our efforts progress, and hope to be in a position to provide more concrete news on timelines by the end of next week. 

Forensic Investigation

Our forensic investigation is progressing in line with our timeline and plan. We are now building a much clearer picture of the incident’s root cause and will soon be in a position to confirm and share Indicators of Compromise (IOCs) with customers on request. In parallel, our third-party experts are well advanced in their investigation into any potential data impact as a result of the incident. We will update customers as appropriate and comply with any applicable notification obligations.

We recognise that this has been a challenging time for our customers, and we appreciate your patience and understanding as we work to recover from this attack. We continue to prioritise safety and security in all of our decision making and are approaching this restoration process with diligence and rigour.


 

Status Update - 15th Aug 2022

We have continued to work over the weekend and today to recover data for customers and are sharing this as it becomes available and as it is requested. Please use the Customer Support Portal and follow the instructions we have emailed out via NoReply@oneadvanced.com to request your data. This will enable us to ensure that your data is provided safely and in the most appropriate format.

If you have not received an email indicating that your data is available, please log a case with our Customer Support team and we will be in contact with you. Additionally, we are making good progress in building scripts to extract data to support payroll and invoicing following an initial review of our plans with customers. If you have any specific requirements around payroll and invoicing, could you please use the Customer Support Portal to log these with us.

Please rest assured that our team is working through the data access requests as quickly as possible and will continue to do so until we have provided data to all Staffplan customers.

In parallel to our efforts to provide our customers with data access, we are working alongside Mandiant and Microsoft DART teams as part of our Staffplan restoration plan.  

For Staffplan customers we envisage contingency measures will be required for at least a further three to four weeks.


 

Status Update - 12th Aug 2022

We continue to recover data for customers and are sharing this as it becomes available and as it is requested. Please use the Customer Support Portal and follow the instructions we have emailed out via NoReply@oneadvanced.com to request your data. If you have not received an email indicating that your data is available, please log a case with our Customer Support team and we will be in contact with you. Additionally, we are making good progress in building scripts to extract data to support payroll and invoicing; however, if you have any specific requirements around payroll and invoicing, could you please use the Customer Support Portal to log these with us.

Please rest assured that our team is working through the data access requests as quickly as possible and will continue to do so until we have provided data to all Staffplan customers.

In parallel to our efforts to provide our customers with data access, we are continuing to develop our plans for the full restoration of Staffplan.

For Staffplan customers we envisage contingency measures will be required for at least a further three to four weeks.


 

Status Update - 11th Aug 2022

We have made progress in Staffplan’s restoration effort and have enabled database access for our Support staff in order to provide customers with data extracts to assist with contingency measures – around two-thirds of our Staffplan customers have received data. Customers would have received an email from NoReply@oneadvanced.com detailing how to request their data - please follow these instructions. If you follow the instructions, your data will be provided to you via a secure domain and not by email. We anticipate being able to access data for our remaining Staffplan customers in the next 1-2 days. We have communicated directly with those customers whose databases are available, and we will follow up with additional customers as their data becomes available.

In parallel we have conducted database extraction tests with our customers and refined the process by which we will provide customers with their data based on the feedback we have received. We appreciate the time taken by those involved.

Please rest assured that our team is working through the data access requests as quickly as possible and will continue to do so until we have provided database access to all Staffplan customers.

With regard to the restoration of your services, a discovery phase has commenced. For Staffplan customers we envisage contingency measures will be required for at least a further three to four weeks.

If you do have any specific questions, please contact Advanced in the regular way, either via your Account Manager or Support Team.