Server maintenance was completedfor this website on Saturday, December 7th, 2019 from 9:00AM to 2:00PM EDT. This website may have been offline for a short time during the maintenance window.

Starting July 1, 2020, you’ll notice a different auto-reply when emailing rcc@partners.org for support. The full text of your email inquiry will be provided back to you in the Description section of the auto-generated email. An IS Service Desk ticket number and link to view the status will also be provided. The auto-reply will come from IS Service Desk <partnershealthcare@service-now.com>. You can continue to reply to this auto-generated email to correspond with ERIS regarding your ticket. 

This change completed on Wednesday, July 1 around 8:45a.m.

Before July 1, 2020
This is an example of what you receive when you email rcc@partners.org

Starting July 1, 2020 at 8:45a.m.
This is an example of what you will receive when you email rcc@partners.org

People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations
13 May, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued an announcement to raise awareness of the threat to COVID-19-related research. 

The FBI and CISA urge all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material. 

RECOMMENDATIONS

• Assume that press attention affiliating your organization with COVID-19 related research will lead to increased interest and cyber activity.
• Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
• Actively scan web applications for unauthorized access, modification, or anomalous activities.
• Improve credential requirements and require multi-factor authentication.
• Identify and suspend access of users exhibiting unusual activity.

MGB Information Security recommends that you take the following actions to secure your research data and other critical information:

• Store research data on hospital approved storage, e.g., Dropbox, One drive, Home drive, etc.   
• Question emails that may be phishing attempts and do not click links or attachments from external senders unless you can validate authenticity.
• Ensure laptops and mobile devices are encrypted and systems are up to date with security patches.  
• Do not use unsupported operating systems, e.g., Windows 7 and Windows Server 2008.

Please see the memo from MGB Information Security and the full FBI alert. Please contact cispo@partners.org or riso@partners.org if you have any questions or concerns.

This change only applies to Home Drives and does not impact shared file areas (SFAs). On 5/17/2020, Home Drives (H:) will be moved. For most users, there is no change in how you access your home drive. You will see the new name and location as H CIFSHD HOMEDIR. This change only applies to Home Drives and does not impact shared file areas (SFAs).

All VPN users and all users who access Home (H:) drives on a Mac, non-standard Windows PC or personal computer, must update drive mappings to the new name of CIFSHD before 5/17 to ensure continued access. 

• macOS
• Windows 10
• Windows 7

A brief outage will occur where you will be unable to access your home drive between 1 AM and 5 AM, Sunday morning 5/17/2020; during the normal ISM maintenance window. 

Please read the full FAQ in the Knowledge Base and contact the IS Service Desk if you have any questions or concerns.

Yet another COVID-19 related scam is circulating the web. This time, users who stumble upon the malicious website "coronavirusapp[.]site" are told to download an Android app that will give them access to a Coronavirus map tracker. The app claims to have tracking and stats about COVID-19, including a heatmap.

Once a user clicks the link on the malicious website, it downloads the application and ransomware. The ransomware, named "CovidLock," locks the user out of their phone and requests $100 in bitcoin in 48 hours or else they will erase the phone's memory and leak the user's social media accounts.

How do I stay Safe & Secure?

• Only download trusted applications from the Google Play store or Apple App Store.
• Use only verified information sources from government and research institution’s websites.
• Don't click on any suspicious links or download attachments from emails or websites that are COVID-19 or health related.
• Report any suspicious emails to nospam@partners.org.

Source: https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware#

See more Phishing Alerts: https://pulse.partners.org/hub/departments/ispo/phishing_alerts

The ERIS Infrastructure team resolved the proxy issue. All sites are working.

In preparation for working remotely or from home, there are several resources to guide you.

• Remote Work Toolkit in the Partners Pulse *(access requirements)
  • A Guide to IS Resources
    • Many applications are available that do not require you to install VPN and GoToMyPC.  This guide provides helpful information for accessing Partners network resources when not connected to the Partners network: https://rc.partners.org/kb/article/3040. 
  • Collaboration Tools
  • Gain Remote Access and Collaboration Tools
• INFO: Remote Work Setup Resources: Many links within this article go to internal pages in the IS Service Desk Knowledge Base *(access requirements)
  • Much of the instructions are available on https://rc.partners.org/kb; no log in required.
• Web, Audio & Video Conferencing & Remote Access sections on https://rc.partners.org
  • Search the Knowledge Base for how-to's (i.e. mapping network drives) for quick access; no log in required.
• A single-request form has been created in the IS Service Desk for Audio Conferencing and Screen Sharing Requests for InterCall, Microsoft, Windstream, WebEx, and Zoom
  
  • Visit https://www.partners.org/ISServiceDesk
  • Make a Request
  • Collaboration Tools: Audio Conferencing and Screen Sharing 

* The Partners Pulse and the IS Service Desk require login with Partners username and password and Secure Log in (Okta or 2-factor) when off network.

Read Additional system-wide changes made to broaden timely access to these resources​ (Login with Partners username and password required.)

Check back for updates. Contact your IS Service Desk for assistance.

REDCap (https://redcap.partners.org/redcap) server maintenance was completed on Saturday, February 29th, 2020 from 9:00AM to 12:00PM ET.

REDCap was down for a short time during the maintenance window.

If you have any concerns about this scheduled maintenance, please email edcsupport@partners.org

ERIS Patching Schedule for February 2020

This is a reminder that the ERIS Infrastructure team will be patching both Non-Production and Production VM’s and Systems during the last 2 weeks in February 2020.

We are changing the schedule for the non-production nodes from the last Wednesday of the month to Wednesday and Thursday of the third week of each month. Non-production nodes, servers and VM’s that begin with the letter A – K will be patched on the 3^rd Wednesday of each month, and nodes, servers, and VM’s that begin with the letter M – Z will be patched on the 3^rd Thursday of each month. The production patching schedule will remain on the last Saturday of the month.

Below are the dates and times for the February patching process:

• Non-production VM’s A-K:  Wednesday, February 19^th from 12pm - 8PM
• Non-production VM’s L-Z:  Thursday, February 20^th from 12pm - 8PM
• Production VM’s:                Saturday, February 29^th from 9AM – 6PM

Impact

Applications, Databases, Systems and VM’s will experience downtime when the database servers are patched when the ERIS proxy server is patched and again when the application VM's are patched. Each downtime should be short however, applications could experience 3 outages during the maintenance window.

Service Level Reminders

ERIS strives to keep all systems up to their most current and/or stable revisions. Please visit https://rc.partners.org/support-training/eris-service-level-agreement to review the full ERIS Service Level Agreement.

Server owners are responsible for maintaining the applications running on DIPR VMs and systems, ensuring the applications are patched and comply with Partners Information Security Practices and Policies. Server owners are responsible for the backup of critical configurations in case of a failure.

Please contact rcc@partners.org if you have any questions

Did you know that Microsoft regularly releases security patches for its software products on the second Tuesday of every month? How frequently do you update your computer?

This month, Microsoft introduces patches for critical flaws and vulnerabilities that require you to patch as soon as possible.

Here is some guidance to keep your device secure and your Microsoft software up to date and running smoothly.

Do I need to make changes on my computer?

• Not if you use a Partners standard Windows computer (those with the asset tag, yellow lock and Partners' screensaver). The updates are run for you and devices are usually patched the Friday following Patch Tuesday. Both Microsoft and Adobe products are typically updated at this time. This can change if there is a significant freeze in place. 
• Yes, you need to run updates if you use a non-standard Windows, Macintosh or personally-owned device for Partners' business. ​It is your responsibility to keep your device and software up to date. 

See HOWTO: Run Windows Updates for additional instructions.