Subject:                Action Required: Critical Steps to Protect your Server Systems Against Computer-Related Infections
Applies to:           Servers connecting to the Partners network

In an effort to assure clean and stable server systems and various computer-related infections, all Windows and Linux servers connecting to the Partners network must install Trend Deep Security antivirus (version 10.0.2240) and run a full scan.

Instructions to obtain Deep Security installation files and access the console are included in the following Knowledge Base articles.

HOWTO: Install Trend Micro Deep Security Antivirus on Windows Servers
HOWTO: Install Trend Micro Deep Security Antivirus on Linux Servers

A reboot will only be required if any infections are detected upon the scan.

Servers managed by Partners IS have been patched and updated with the latest Trend Micro Deep Security antivirus. These instructions are for all other Windows servers. Please follow these steps carefully as they provide instructions the vendor does not. 

Pre-requirements for updates

1. The account you are using must be a local administrator.
2. You will need access to the Deep Security 10 console & installation files 

• If access is needed, please contact the IS Service Desk and ask them to open a ticket with the “Server-Antivirus Support PHS” assignment group

If you have any questions, or need troubleshooting, please contact the IS Service Desk and ask for the “Server-Antivirus Support PHS” assignment queue.

This alert is to provide additional guidance regarding preventing infection with malware variously named WannaCrypt, WannaCry, WannaCryptor, or Wcry. No changes need be made on Partners standard Windows computers (those with the asset tag, yellow lock and Partners' screensaver).

The following actions need to be taken for any non-standard Windows or personally-owned computer or server running a Windows Operating System:

1. Apply the latest Windows updates. Read More
2. Install Trend Micro antivirus (AV) software and run a full scan. Read More
3. If your machine is infected with Qakbot, the virus that has been causing the login lockouts, a third action is required to disable the task scheduler, reboot, update AV, run a full AV scan, remediate any infections, enable task scheduler, then reboot the device. Read More

Additional instructions for each action are outlined below. Contact the IS Service Desk for assistance or questions.

1. Apply the latest Windows updates
Turn on Windows Update for automatic updating. Most patches will install automatically, but you will be prompted when input is needed during an installation. It is strongly recommended that you click on any Windows Update alerts in your taskbar to be sure your PC does not miss an important download.

1. Visit: http://windows.microsoft.com/en-us/windows/windows-update
2. Then select   Check your settings 

For additional guidance and troubleshooting, visit HOWTO: Run Windows Updates.

Your device must be connected to the Partners Network to download, install and setup Trend Micro Security Software and run Windows 7 or greater.

Please remove any existing antivirus programs from the computer before installing Trend as it this will cause the installation to fail.

1. Visit this internal website to download the software
2. Click on the software package you need to install 32-bit or 64-bit.windows
3. After the download completes, execute the MSI package.
4. Click Start.
5. Click Next to install the OfficeScan agent.

Additional information can be found in the Knowledge Base article, HOWTO: Install TrendMicro Security for Windows.

This Regedit method is recommended to Start/Stop Task Scheduler.

1. Please go to Pearl button (Start) and click on the Search programs and files
2. For more information about the change from Start to Pearl button click here
3. Type regedit and press Enter
4. Please confirm User Account Control pop-up
5. Please navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule and locate Start registry key
6. Double click on Start and edit the value: to 4 (Disabled)
7. Reboot the device
8. Run a full AV scan
9. Remediate any infections
10. Enable task scheduler
    
    1. Repeat steps 1-5
    2. Double click on Start and edit the value: to 2 (Automatic)
11. Reboot the device

See screenshots and additional Instructions for disabling/enabling task scheduler.

Contact the IS Service Desk for assistance or questions.

Applies To: All Users

The Department of Health and Human Services’ Office of the Assistant Secretary for Preparedness and Response held a call on the ransomware attack currently affecting dozens of nations this afternoon.  At least 16 hospitals in the United Kingdom are being forced to divert emergency patients today after computer systems there were infected with ransomware, a type of malicious software that encrypts a victim's documents, images, music and other files unless the victim pays for a key to unlock them.
 
We are taking the following steps and ask for your vigilance:

• We are increasing the sensitivity of our spam filters.  Users should check your daily email message (Cisco spam quarantine) as there is a possibility that legitimate messages will be quarantined.
• Please be extremely careful about opening email attachments and clicking on web links.  Do not do this unless you are certain of the sender and content.  Please forward suspicious messages to nospam@partners.org, or click on the PhishMe button in Outlook, then immediately delete the message.

FYI - sent by Microsoft to PHS IS

What is the purpose of this alert?

This alert is to provide guidance regarding malware variously named WannaCrypt, WannaCry, WannaCryptor, or Wcry. This information is being provided to you so that you can assist customers who have questions related to the issue.

Summary

Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software.  Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. We are using the MSRC blog -Customer Guidance for WannaCrypt attacks to post information and resources in one place, to help customers respond to this latest threat.

The first and most important piece of guidance is to immediately deploy the security update associated with Microsoft Security Bulletin MS17-010, if you have not done so already. Customers that have automatic updates enabled or have deployed this update are already protected from the vulnerability these attacks are trying to exploit.

Malware Detection

Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/WannaCrypt.

In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/ is designed to detect this threat as well as many others.

Recommendations

Review the Microsoft Security Response Center (MSRC) blog at Customer Guidance for WannaCrypt Attacks for an overview of the issue, details of the malware, suggested actions, and links to additional resources.

Keep systems up-to-date. Specifically, for this issue, ensure Microsoft Security Bulletin MS17-010Security Update for Microsoft Windows SMB Server is installed.

Customers who believe they are affected can contact Customer Service and Support by using any method found at this location: https://support.microsoft.com/gp/contactus81?Audience=Commercial.

Microsoft Malware Detection and Removal Tools

Use the following free Microsoft tools to detect and remove this threat:

• Windows Defender: https://www.microsoft.com/en-us/windows/windows-defender
• Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/

Additional Resources

• Microsoft Security Response Center Blog: http://blogs.technet.microsoft.com/msrc
• Microsoft Malware Protection Center Blog: http://blogs.technet.microsoft.com/mmpc
• Microsoft Safety and Security Center webpage: http://www.microsoft.com/security/default.aspx

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.

Thank you,
Microsoft Services

The malware that is causing accounts to be locked out is called "Qakbot." This malware can infect both Windows-based and Macintosh computers.

Antivirus is already installed on Partners standard Windows computers (those with the asset tag, yellow lock and Partners' screensaver). To protect any other device against this malware please download and install “TrendMicro OfficeScan” Antivirus. 

• Windows PC instructions: https://rc.partners.org/kb/article/1801 (not for Partners standard Windows)
• Macintosh instructions: https://rc.partners.org/kb/article/1824

If your machine is infected with Qakbot, the virus that has been causing the login lockouts, a third action is required to disable the task scheduler, reboot, update AV, run a full AV scan, remediate any infections, enable task scheduler, then reboot the device. 

This Regedit method is recommended to Start/Stop Task Scheduler.

1. Please go to Pearl button (Start) and click on the Search programs and files 
2. For more information about the change from Start to Pearl button click here 
3. Type regedit and press Enter 
4. Please confirm User Account Control pop-up 
5. Please navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule and locate Start registry key
6. Double click on Start and edit the value: to 4 (Disabled) 
7. Reboot the device 
8. Run a full AV scan 
9. Remediate any infections 
10. Enable task scheduler
    1. Repeat steps 1-5 
    2. Double click on Start and edit the value: to 2 (Automatic) 
11. Reboot the device

See screenshots and additional Instructions for disabling/enabling task scheduler.

Sent via IS Communications on Wednesday, May 10 at 9:47a.m. - View this message online.

Action Required: Advisory on Account Lockouts

There is currently a sporadic issue where users are receiving an “Account Locked” error.  You may need to log back into your workstation or email.  If you receive this error, please wait 5 mins and attempt to log back in.  If this does not resolve your issue, please call the IS Service Desk.  

Effective May 16, you will be able to log into HealthStream using your Partners username and password. You will no longer need to remember a separate password to complete your HealthStream learning requirements. 

HealthStream is the online learning system used by MGH and Partners HealthCare to administer required annual and departmental trainings.

If you need assistance with HealthStream, or have questions about single sign on, please contact mghhealthstream@partners.org.

REDCap (https://redcap.partners.org/redcap) upgrades to v7.0.14 scheduled for tonight Wednesday April 26th at 8:30 PM EST are complete. REDCap was offline from 8:30-8:45 PM EST.

This upgrade is to apply a necessary patch to address a number of bugs introduced in the upgrade to version 7.0.10. 

If you have any concerns about REDCap being offline at this time, please email edcsupport@partners.org

Windows 10 Creators Update (build 1703) was released on April 11th and will show up as an update for users on their devices. Read more: https://blogs.windows.com/windowsexperience/2017/04/11/whats-new-in-the-windows-10-creators-update/

REDCap (https://redcap.partners.org/redcap) upgrades to v7.0.10 scheduled for Wednesday April 5th at 8:00 PM EST are complete. REDCap was offline from 8:00PM-8:38PM EST. 

This upgradel included a number of new features and bug fixes. These include:

• Repeating Instruments and Events: REDCap now has the ability to repeat a data collection instrument or an entire event of instruments an unlimited number of times without having to specify the amount needed. This is sometimes called one-to-many data collection, in which a project can have one or more repeating parts. The repeating instruments/events feature can be enabled and set up by clicking the Enable button in the Optional Modules section on the Project Setup page.
  • ​​​Note: A separate Service Alert will be sent next week to fully detail this new feature.
• Improvement: New interface for Home/My Projects/Control Center pages.
• Improvement: A zip file containing all uploaded documents (or signature files) for an individual record can now be downloaded from the "Choose action for record" drop-down on the Record Home Page if the user has Data Export privileges.
• Improvement: File Upload fields that are displayed on reports will no longer display the text "[document]", but will instead provide a "Download" button so that the user can actually download the file from the report.
• Field name (variable) auto-suggest when typing branching logic, calculations, or general conditional logic (Survey Queue, Automated Survey Invitation, Data Quality rule, report filter’s advanced logic). While typing logic/calculations into the text box, it will auto-suggest a REDCap variable name from your project that is clickable to inject into the text box. If the project is longitudinal, it will also suggest event names to inject unique event names.
• Real-time validator for branching logic, calculations, or general conditional logic (Survey Queue, Automated Survey Invitation) that allows you to run your logic/calculation on a specific record in the project, and it returns the result. For example, if typing branching logic in the Add/Edit Branching Logic popup in the Online Designer, you can select a record, and it will tell you if the field will be displayed or hidden for that record based upon the record’s currently saved values. When typing calculations, it will return the actually calculated value of the field for a selected record. This makes it easier to formulate your logic and calculations so that you get them right the first time.
• Preview email - When composing an email on the "Email Users" page in the Control Center and also when composing survey invitations (e.g., the Participant List, Automated Survey Invitations set up), there is now a Preview option for viewing the fully-rendered HTML preview of the email that is being composed. Additionally, there is an option to send a test email to oneself in case they want to actually receive a copy the email being composed before officially sending it to others.

Full release notes available here.

If you have any concerns about REDCap being offline at this time or any questions about these new features, please email edcsupport@partners.org

REDCap v7.0: New Feature Release and User Group Meeting

BWH: April 11th 2017 3:30-4:30PM, Thorn Conference Room

Click to register.

MGH: April 20th 2017 3:00-4:00PM, Simches Building Room 3.120, 185 Cambridge Street

Click to register.

This user group session will review the new feature releases and how best to implement and retro fit to production projects. We will also use the time for users to share their experiences and tips/tricks.

Service Alert: REDCap Infrastructure/Security Update 

We are continually re-evaluating the security of our servers. As a result, we have disabled support for TLS 1.0 and certain encryption ciphers that are considered weak.

If you notice any issues accessing the REDCap application via API or other, please contact edcsupport@partners.org. 

REDCap: API and DET User Group Meeting

BWH: April 24th 2017 10:00-1100AM, Thorn Conference Room

MGH: April 27th 2017 1:30-2:30PM, Simches Building Room 3.120, 185 Cambridge Street

Main Objective: Provide support, best practices, and guidance to REDCap End-Users utilizing the REDCap API and DET

Learning Objectives:

-Learn how to access REDCap's API, DETs
-Learn how to best implement the API, DETs
-Review updates to API features in REDCap v7.0
-Understand the current limitations and when to contact ERIS or Research CORE for additional support

Target audience: Researchers that have evaluated and decided to use REDCap and/or have started a REDCap project. Researchers with basic level programming experience.

Applies To: All Users

Information Systems Maintenance (ISM) took place on Monday, February 13th from 12:00 am to 4:00 am.

During that time, planned system maintenance and testing was be performed by IS teams. This routine maintenance reduces the risk of unscheduled outages on our computer network and to the Internet.

Impact to systems and applications

• VPN was available during the ISM.
• Sunquest was down from 2:00am – 4:00am.  All data will be queued up during the downtime, and transmitted when interfaces are again functioning.  No data will be lost. Please see your site specific communication for your ordering and result verification processes during this time. During the downtime:
  • Sunquest will not be available for any users 
  • Collection Manager will not be available 
  • Labels will not print for any orders released during the downtime 

Impact to sites

• Services or resources hosted in the Partners HealthCare data centers may be unavailable during the ISM.
• Your site's IS Management team will provide more detailed communication about planned outages at your facility and will coordinate with specific groups that may be impacted.

Need help during the downtime? 

View the IS Broadcast Archive for additional details. Please contact your IS Service Desk if you have any questions.

View the 2017 IS System Maintenance (ISM) Schedule in the IS Service Desk Knowledgebase (Partners login required).

The ERIS proxy server is now performing as expected.

With the release of macOS Sierra 10.12.2 on December 13, 2016, you may now upgrade to this latest version. Please note that if you choose to upgrade, you must update the following applications after upgrading to ensure Partners services will continue to function. These apps are available for download in the PEAS Self Service application. Visit our Knowledge Base article on Self Service for Macs for more instructions.

1. VPN - Cisco AnyConnect VPN Client Version 4.3.03086
2. Citrix - Citrix Receiver Version 12.2.0
3. Java - Java Version 8 Update 111 (in Internet Plug-Ins)

The PEAS team also recommends that you verify any software that you have previously purchased is compatible with macOS Sierra prior to upgrading.

Apple, and therefore Partners, only supports the current OS and two versions prior, so with the release of Sierra, the only compatible Mac OSs are Sierra, El Capitan 10.11 or Yosemite 10.10. If you are running a Mac OS older than Yosemite, please view our webpage on how to Update Your Mac or contact the Service Desk if you need assistance with an upgrade. Outdated Mac operating systems introduce risk to your data and to the enterprise as they are not patched for security vulnerabilities and do not comply with Partners policies.

There are two enterprise applications used for connectivity that do not work automatically after upgrade. Until fixed, we do not recommend upgrading. For those already using macOS Sierra, please be advised of these recommendations:

1. VPN. Start your VPN session with Firefox. Firefox is available via Self Service, as well as www.mozilla.org/firefox. Once a VPN session is started with Firefox, you may use the browser of your choice to access websites. We are actively working with Apple to resolve issues that surround starting a VPN session with Safari.
2. CITRIX. Upgrade Citrix to version 12.3. Citrix version 12.3 is required to access workspace.partners.org (formerly myapps.partners.org). Visit the Knowledge Base for more instructions on installing updates through Self Service.

On Tuesday, September 20, 2016, Apple released Operating System (OS) macOS Sierra 10.12 for Mac laptops & desktops. It is always recommended to verify any software that you have previously purchased is compatible with macOS Sierra 10.12 prior to upgrading.

Please keep in mind that Apple, and therefore Partners, only supports the current OS and two versions prior. With the release of Sierra, the only supported Mac OSs will be macOS Sierra, Mac OS X El Capitan 10.11 or Mac OS X Yosemite 10.10.

If you are running a Mac OS older than Yosemite, please view our webpage on how to Update Your Mac, and contact the Service Desk if you need assistance with an upgrade. Older Mac operating systems introduce risk to your data and the enterprise as they are not patched for security vulnerabilities and do not comply with Partners policies.