REDCap (https://redcap.partners.org/redcap) upgrades to v7.4.11 scheduled for Thursday October 5th at 6:30AM EST are complete. REDCap was offline from 6:30AM-7:25 EST.

This upgrade will include a number of new features and bug fixes. These include:

• New feature: Custom Record Status Dashboards - Users can build and save custom versions of the Record Status Dashboard to customize the dashboard to their liking.
• New feature: Better device management for the REDCap Mobile App – The Mobile App page in a project now contains better methods for keeping track of the activity of the mobile app used on many devices at a time for a single project.
• New feature: Response Limit for surveys - Users may set a response limit for any given survey to prevent respondents from starting the survey once a set number of responses have been collected. Note: It can be set so that the response count included either completed responses only or both partial and completed responses. Users may also set custom text to be displayed to respondents on the survey page when the response limit has been reached.
• New feature: Time Limit for Survey Completion – Users may set the amount of time (in days, hours, and/or minutes) that each respondent has to complete a given survey based on when they were initially sent the survey invitation. Note: This feature excludes public survey links. When enabled, a new column is displayed on the Participant List where it denotes if a participant’s survey link has expired and also displays the expiration time if you hover over the icon. If the icon is clicked, the user can permanently override the link expiration time by setting it further in the future (to give the respondent more time), or else to expire the link sooner (or even immediately).
• Improvement - If a record has any survey invitations that are scheduled to be sent in the next 7 days, it will display a button above the table on the Record Home Page. The button will note how many upcoming invites are scheduled for the current record in the 7 days, and when clicked, it will display a table of the send time and survey title for the next 7 days worth of scheduled invites.

Full release notes available here.

If you have any concerns about REDCap being offline at this time or any questions about these new features, please email edcsupport@partners.org

Applies to: iOS and Android devices enrolled in MobileIron who are on Exchange Online

If your work email is not loading on your phone, please power it off and turn it back on. If you reboot and your email does not load, please try switching from Wi-Fi to cellular (or vice versa). Please wait a few minutes for the phone to refresh and your email to load.  We have recently discovered a mismatch in ActiveSync protocols when some mobile devices connect, which requires a reboot to update and restore functionality appropriately. If you continue to experience difficulty, please contact the IS Service Desk for assistance.

There will be limited support next week while EDC Support attends the annual REDCap Conference. Please plan for delayed response times.  Priorities will be made for Moving Projects to Production, User Access, Creating New Projects, and Change Requests.  General REDCap questions will be best effort. 

Be sure to review the Help&FAQ, Training Resources, and Getting Started with REDCap pages.  

If you have any questions, please email edcsupport@partners.org

Applies To:  Windows HP Devices

Partners IS has identified that a specific Intel I217-LM Network card within HP device models can cause major network switch outages. Devices managed by Partners IS have already been updated. These instructions are for all other HP workstations connecting to the Partners network.

Please work with your Local IT Administrator to download and install the latest versions of the NIC Driver provided by HP Support Services.

1. Visit https://support.hp.com/us-en/drivers
2. Enter the model name of the computer you have
3. Upgrade all drivers.

Here are a few device-specific drivers for your convenience. This list is not exhaustive:

• HP EliteDesk 800 G1 Mini-Tower, Small Form Factor, Desktop Mini, Ultra Slim Desktop Models
  • Windows 7 x86, Windows 7 x64
  • http://ftp.hp.com/pub/softpaq/sp71001-71500/sp71407.exe
• HP ZBook Mobile Workstation, HP ZBook Mobile G2 Workstation Models                
  • Windows7 x86, Windows 7 x64                                
  • http://ftp.hp.com/pub/softpaq/sp77001-77500/sp77107.exe

If your device is blocked from the network,

1. When possible, connect to the guest network to update your driver
2. Contact the IS Service Desk for next steps

Additional references:

• https://communities.intel.com/thread/48051
• http://linuxtoolkit.blogspot.com/2014/12/intel-nic-driver-causing-multicast.html
• http://packetpushers.net/good-nics-bad-things-blast-ipv6-multicast-listener-discovery-queries/
• https://communities.intel.com/thread/70393
• http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=mmr_sf-EN_US000005367

ERIS DIPR File Server (fs.dipr.partners.org) maintenance is scheduled on Sunday, July 30, 2017 from 10a.m. to 2p.m. EDT for a full server replacement. During this maintenance window, any applications and systems that have storage associated with this server will be offline for approximately one hour.

Impact

ERIS DIPR File Server (fs.dipr.partners.org) is the nfs file server which provides mounted storage to our DIPR environment. For any systems managed by ERIS, technicians will check and reboot or remount storage.

Action Required

If you are an owner of a virtual machine in DIPR, we strongly encourage you to check the status of your VM once the scheduled work concludes. If you find one unresponsive, reboot or remount the storage. If any issues persist, please contact rcc@partners.org and we'll address the problem.

Please contact rcc@partners.org if you have any questions or concerns about this maintenance.

ERIS provides Discovery Informatics Platform for Research (DIPR), a flexible, secure cloud computing infrastructure designed to meet research needs. DIPR Virtual Machines (VMs) offer IT power and services to research customers without placing the burden of purchasing or managing server hardware on the researcher.

Updates to LabArchives Secure Login process to use Okta, Partners newest technology, will occur on July 13 at 4pm ET.

The new login link will be posted and updated on our websites. Please be sure to update any bookmarks after the cut over!

The biggest change to note is that when you are off network, you will be prompted for a second factor of authentication.

To register a phone number, or to check to see what number has been previously registered, go to Password self server (myprofile.partners.org). Login and click on the "update my phone number” link.  You can add a phone number or update an existing number.  Make sure you enter all numbers you may wish to use for second factor authentication, you will be able to choose the appropriate number to use when needed.

Please see the article INFO: Secure Log In Overview and FAQs for additional information.

If you have any questions/concerns, please email edcsupport@partners.org

The Office 2016 upgrade for Macintosh, non-standard PC or personally-owned computers used for business is available for self-installation. There is a separate process for upgrading Partners Standard Windows PCs; site-specific information can be found on SharePoint. 

Steps at a glance

1. Uninstall older versions of Office
2. Install Office 2016 
   • For Non-standard Windows PCs and personally-owned devices can install through the Office 365 Portal - please read these Installation Instructions
   • For Mac OS > Self Service Application or through Office 365 Portal
   • For Partners Standard PCs > Site specific information can be found on SharePoint. There is a separate process for devices with asset tag, yellow lock and Partners' screensaver.
3. Activate Office 2016

Note: please read the complete Installation Instructions

Visit the Office 2016 training & support site for training and support resources related to the Microsoft Office 2016 upgrade and move to Exchange Online for Windows devices at Partners. For help with the install, stop by your local Tech Depot for assistance or contact the IS Service Desk.

Partners has embarked on a strategy to improve the computing experience across the breadth of devices used at work to assure productive, clean and stable computers (Windows PCs, Apple Macs, smartphones and tablets). With the recent virus and ransomware attacks, both within our System and Internationally, Partners is accelerating this effort to improve the security of our environment.

A change will be made to Mac desktops and laptops to help secure our environment. On Tuesday, July 18, 2017, the ForeScout SecureConnector Network Access Control (NAC) agent will be installed on all devices enrolled in PEAS.

Network Access Control (NAC) is a mechanism that ensures device trust before allowing device access to a secure network. A NAC agent is an application installed on a device to allow visibility into policy compliance of that device when connecting to the Partners network. The current agent used at Partners is called ForeScout SecureConnector.

What can I do to prepare?
You can check to see if you have the agent installed on your computer by opening your Applications folder and searching for ForeScout SecureConnector. If you do not find ForeScout SecureConnector in your list, you may visit this website to install: https://rc.partners.org/SecureConnector. Since you are enrolled in PEAS, you can simply open Self Service and install ForeScout SecureConnector.

What devices already have the SecureConnector Network Access Control (NAC) agent?
ForeScout SecureConnector is already installed on most Partners standard Windows workstations and some PEAS-enrolled Macs. Mobile devices, such as phones or tablets, and Linux computers are exempt at this time.

Since November 10, 2016, those working at or attending meetings at Assembly Row are required to install the ForeScout SecureConnector agent on any computer connecting to the Partners network. All devices must meet the security requirements to gain full network access. Other hospital site locations will implement this compliance check at a later date. The requirements include encryption, antivirus software, and patches. 

Please visit the Knowledge Base for FAQ and additional information on device compliance, or our webpage on how to Secure Your Mac. If you have additional questions, please contact the IS Service Desk.

Updated on May 17, 2017: 

Wordpress 4.7.5. was released.
https://wordpress.org/news/2017/05/wordpress-4-7-5/
 

Applies To: Wordpress <4.7.4

A Wordpress vulnerability in the password reset function might allow attackers to get hold of the password reset link without previous authentication [CVE-2017-8295].
Combined with other vulnerabilities and, depending on the server configuration, a remote attackers may be able to pass extra parameters and consequently execute arbitrary code.
All versions of Wordpress prior to 4.7.4 are vulnerable. Exposure increases if combined with other vulnerabilities (as CVE-2016-10033) so make sure your PHP is running the latest patched version. An exploit is known to this vulnerability.

At the moment this is being written, Wordpress stable version is still 4.7.4. Please stay alert and update it when a patch is available. For now, as a temporary solution, UseCanonicalNames can be enabled to enforce a static SERVER_NAME value. [see link below]

References:
http://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname
https://httpd.apache.org/docs/2.4/misc/security_tips.html
http://php.net/manual/en/function.mail.php
https://wordpress.org/download/release-archive [for when a new version comes up]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
--
Note:
As always, other basic server security hardening also applies, as 1) making sure you're logging mail transport (if using local MTA) with proper retention; 2) possibly changing php.ini to log mail functions (improved auditing); 3) log monitoring tools to detect an alert unusual activity (i.e., increased mail traffic); 4) off-box logging, among others.
 

Effective May 16, you will be able to log into HealthStream using your Partners username and password. You will no longer need to remember a separate password to complete your HealthStream learning requirements. 

HealthStream is the online learning system used by MGH and Partners HealthCare to administer required annual and departmental trainings.

If you need assistance with HealthStream, or have questions about single sign on, please contact mghhealthstream@partners.org.

REDCap (https://redcap.partners.org/redcap) upgrades to v7.0.14 scheduled for tonight Wednesday April 26th at 8:30 PM EST are complete. REDCap was offline from 8:30-8:45 PM EST.

This upgrade is to apply a necessary patch to address a number of bugs introduced in the upgrade to version 7.0.10. 

If you have any concerns about REDCap being offline at this time, please email edcsupport@partners.org