People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations
13 May, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued an announcement to raise awareness of the threat to COVID-19-related research. 

The FBI and CISA urge all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material. 

RECOMMENDATIONS

• Assume that press attention affiliating your organization with COVID-19 related research will lead to increased interest and cyber activity.
• Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
• Actively scan web applications for unauthorized access, modification, or anomalous activities.
• Improve credential requirements and require multi-factor authentication.
• Identify and suspend access of users exhibiting unusual activity.

MGB Information Security recommends that you take the following actions to secure your research data and other critical information:

• Store research data on hospital approved storage, e.g., Dropbox, One drive, Home drive, etc.   
• Question emails that may be phishing attempts and do not click links or attachments from external senders unless you can validate authenticity.
• Ensure laptops and mobile devices are encrypted and systems are up to date with security patches.  
• Do not use unsupported operating systems, e.g., Windows 7 and Windows Server 2008.

Please see the memo from MGB Information Security and the full FBI alert. Please contact cispo@partners.org or riso@partners.org if you have any questions or concerns.

On 5/17/2020, Home Drives (H:) will be moved. For most users, there is no change in how you access your home drive. You will see the new name and location as H CIFSHD HOMEDIR. This change only applies to Home Drives and does not impact shared file areas (SFAs).

All VPN users and all users who access Home (H:) drives on a Mac, non-standard Windows PC or personal computer, must verify and update drive mappings to the new name of CIFSHD before 5/17 to ensure continued access. 

• macOS
• Windows 10
• Windows 7

A brief outage will occur where you will be unable to access your home drive between 1 AM and 5 AM, Sunday morning 5/17/2020; during the normal ISM maintenance window. 

Please read the full FAQ in the Knowledge Base and contact the IS Service Desk if you have any questions or concerns.

Yet another COVID-19 related scam is circulating the web. This time, users who stumble upon the malicious website "coronavirusapp[.]site" are told to download an Android app that will give them access to a Coronavirus map tracker. The app claims to have tracking and stats about COVID-19, including a heatmap.

Once a user clicks the link on the malicious website, it downloads the application and ransomware. The ransomware, named "CovidLock," locks the user out of their phone and requests $100 in bitcoin in 48 hours or else they will erase the phone's memory and leak the user's social media accounts.

How do I stay Safe & Secure?

• Only download trusted applications from the Google Play store or Apple App Store.
• Use only verified information sources from government and research institution’s websites.
• Don't click on any suspicious links or download attachments from emails or websites that are COVID-19 or health related.
• Report any suspicious emails to nospam@partners.org.

Source: https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware#

See more Phishing Alerts: https://pulse.partners.org/hub/departments/ispo/phishing_alerts

The ERIS Infrastructure team resolved the proxy issue. All sites are working.

In preparation for working remotely or from home, there are several resources to guide you.

• Remote Work Toolkit in the Partners Pulse *(access requirements)
  • A Guide to IS Resources
    • Many applications are available that do not require you to install VPN and GoToMyPC.  This guide provides helpful information for accessing Partners network resources when not connected to the Partners network: https://rc.partners.org/kb/article/3040. 
  • Collaboration Tools
  • Gain Remote Access and Collaboration Tools
• INFO: Remote Work Setup Resources: Many links within this article go to internal pages in the IS Service Desk Knowledge Base *(access requirements)
  • Much of the instructions are available on https://rc.partners.org/kb; no log in required.
• Web, Audio & Video Conferencing & Remote Access sections on https://rc.partners.org
  • Search the Knowledge Base for how-to's (i.e. mapping network drives) for quick access; no log in required.
• A single-request form has been created in the IS Service Desk for Audio Conferencing and Screen Sharing Requests for InterCall, Microsoft, Windstream, WebEx, and Zoom
  
  • Visit https://www.partners.org/ISServiceDesk
  • Make a Request
  • Collaboration Tools: Audio Conferencing and Screen Sharing 

* The Partners Pulse and the IS Service Desk require login with Partners username and password and Secure Log in (Okta or 2-factor) when off network.

Read Additional system-wide changes made to broaden timely access to these resources​ (Login with Partners username and password required.)

Check back for updates. Contact your IS Service Desk for assistance.

REDCap (https://redcap.partners.org/redcap) server maintenance was completed on Saturday, February 29th, 2020 from 9:00AM to 12:00PM ET.

REDCap was down for a short time during the maintenance window.

If you have any concerns about this scheduled maintenance, please email edcsupport@partners.org

ERIS Patching Schedule for February 2020

This is a reminder that the ERIS Infrastructure team will be patching both Non-Production and Production VM’s and Systems during the last 2 weeks in February 2020.

We are changing the schedule for the non-production nodes from the last Wednesday of the month to Wednesday and Thursday of the third week of each month. Non-production nodes, servers and VM’s that begin with the letter A – K will be patched on the 3^rd Wednesday of each month, and nodes, servers, and VM’s that begin with the letter M – Z will be patched on the 3^rd Thursday of each month. The production patching schedule will remain on the last Saturday of the month.

Below are the dates and times for the February patching process:

• Non-production VM’s A-K:  Wednesday, February 19^th from 12pm - 8PM
• Non-production VM’s L-Z:  Thursday, February 20^th from 12pm - 8PM
• Production VM’s:                Saturday, February 29^th from 9AM – 6PM

Impact

Applications, Databases, Systems and VM’s will experience downtime when the database servers are patched when the ERIS proxy server is patched and again when the application VM's are patched. Each downtime should be short however, applications could experience 3 outages during the maintenance window.

Service Level Reminders

ERIS strives to keep all systems up to their most current and/or stable revisions. Please visit https://rc.partners.org/support-training/eris-service-level-agreement to review the full ERIS Service Level Agreement.

Server owners are responsible for maintaining the applications running on DIPR VMs and systems, ensuring the applications are patched and comply with Partners Information Security Practices and Policies. Server owners are responsible for the backup of critical configurations in case of a failure.

Please contact rcc@partners.org if you have any questions

Did you know that Microsoft regularly releases security patches for its software products on the second Tuesday of every month? How frequently do you update your computer?

This month, Microsoft introduces patches for critical flaws and vulnerabilities that require you to patch as soon as possible.

Here is some guidance to keep your device secure and your Microsoft software up to date and running smoothly.

Do I need to make changes on my computer?

• Not if you use a Partners standard Windows computer (those with the asset tag, yellow lock and Partners' screensaver). The updates are run for you and devices are usually patched the Friday following Patch Tuesday. Both Microsoft and Adobe products are typically updated at this time. This can change if there is a significant freeze in place. 
• Yes, you need to run updates if you use a non-standard Windows, Macintosh or personally-owned device for Partners' business. ​It is your responsibility to keep your device and software up to date. 

See HOWTO: Run Windows Updates for additional instructions.

The ERIS Infrastructure team has completed the patching of the DIPR production servers and VM’s for today. Please connect to your server or VM and validate that your applications and systems are working. 

Our next scheduled patching event will occur at the end of January, and starting in February we will move our Non-Production patching to the third Wednesday of the month and continue our Production patching on the last Saturday of the month.

• January 29,  2020     Patching Non-Production VM's   10:00am - Finish
• February 1,  2020     Patching Production VM's             9:00am - 3:00pm
• February 19, 2020     Patching Non-Production VM's  10:00am - Finish
• February 29, 2020     Patching Production VM's            9:00am - 3:00pm

REDCap (https://redcap.partners.org/redcap) is now back online. REDCap was offline from 10:40AM-2:00PM while the data was migrated from one server to another.

We recommend that users review their projects for any data entered between yesterday January 6th beginning around 2:30PM until REDCap was brought offline today at 10:40AM.

The root cause of this issue was database related. As soon as it was determined that there were continued data submission issues, a decision was made by the EDC Support team to take REDCap offline, migrate and optimize a new database server. 

FAQs When REDCap is Offline

If you have any concerns, please email edcsupport@partners.org

REDCap (https://redcap.partners.org/redcap) is currently experiencing intermittent access issues for anyone using an internal Partners network. Users outside the network should still be able to access REDCap. 

The EDC Support team is actively working to fully resolve this issue.

If you have any concerns, please email edcsupport@partners.org

The Research Computing website, https://rc.partners.org, was offline from 7:10-7:17a.m. EDT time on Monday, December 23, 2019 while platform updates were applied.

Please contact rcwebmaster@partners.org if you have any questions or concerns.