Security Bulletin

Internet Explorer End of Life – May 19, 2022

As of June 15, 2022, Microsoft will discontinue support and updates for Internet Explorer 11, a popular web browser used by Windows users that has since been replaced with Microsoft Edge. To reduce security risks associated with end-of-life software, HEALTHeLINK and HEALTHeNET block access from out-of-date browsers once they are six months past end of life. Starting on December 15th, users will no longer be able to access the HEALTHeCOMMUNITY Portal using this browser. Please note that this date may move as we monitor security risks during this timeframe. We are encouraging organizations to move to a supported version of Microsoft Edge, Chrome, Firefox, or Safari.

For further information, please see the following from Microsoft: https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge

Log4j Vulnerability – December 15, 2021

HEALTHeLINK and HEALTHeNET take vulnerabilities, especially of this extent, very seriously in our environment. We have not identified any indicators of compromise and continue to monitor extensively. Upon notification of the Log4j vulnerability, the Security team identified all impacted systems and patched all public servers that were affected by 1pm on Friday 12/10. Additional mitigation and patching were performed for internal servers that utilized the affected version of Log4j. We continue to monitor the situation closely and will perform other mitigation and updates as appropriate.

National Healthcare Security Threats – November 4, 2020

Ransomware and other forms of cybersecurity attacks are becoming more prevalent for health care providers across the United States, especially during the COVID-19 pandemic and United States elections. In the event that your organization becomes a victim of such an attack, we would ask that you reach out to the HEALTHeLINK/HEALTHeNET Help Desk to make us aware of the incident. The HEALTHeLINK/HEALTHeNET Help Desk is available 24/7 at 877-895-4724 or 716-842-6343.

Malicious Domain Registration – April 30, 2020

As a result of our constant monitoring and our ongoing efforts to do everything in our power to keep current with our security controls, HEALTHeLINK was recently alerted to what appears to be a malicious domain registration using the domain name wnyhealthellnk.com. As the domain looks very similar to ours, but misspelled, if you were to receive an email from this email domain, it may appear to be legitimate. We are currently petitioning to have the domain removed.

HEALTHeLINK will never email our participants to ask for a password or other personal information. If you do receive what appears to be an email from us to this effect or from this domain, please call the HEALTHeLINK Help Desk at 1-877-895-4724.

We appreciate your confidence in us. Be assured that we will do everything in our power to stay current with security procedures, and we will continue our monitoring.

Windows 7 Access – February 11, 2021

Starting February 11th, users will no longer be able to access the HEALTHeLINK or HEALTHeNET applications from computers using the Windows 7 operating system (OS), given the ongoing security threats associated with using an OS that is not supported with security patches and upgrades. If your organization has paid for extended support through Microsoft, please reach out to your account manager or the Help Desk for more information.

Update from May 28, 2020

Due to the impact COVID-19 has had on the migration of Windows 7 machines to a stable operating system, the HEALTHeCOMMUNITY Portal will continue to allow access from Windows 7 machines beyond the planned June 1, 2020 discontinuation date. It is strongly recommended that computers using Windows 7 are upgraded ASAP because of ongoing security concerns.

Effective immediately, users will be able to access HEALTHeLINK using a Windows 7 computer until September 1, 2020, while HEALTHeNET users will be able to access until February 15, 2021. Reminders will be posted and sent out as those dates approach.

Update from May 1, 2020

As with any other end-of-life operating system, Windows 7 has encountered its first critical zero-day attack that will not be patched by Microsoft unless extended support is paid for. In addition, given the COVID-19 situation, bad actors are increasingly attempting to gain access to systems, and Windows 7 machines are more vulnerable to such attacks. Accordingly, HEALTHeLINK and HEALTHeNET will block users from accessing the HEALTHeCOMMUNITY Portal with unsupported Windows 7 machines starting June 1, 2020.

We understand that some practices may be in the middle of shifting to Windows 10 or other stable operating systems and that COVID may have impacted these plans. If your organization has purchased extended support, users will be allowed to access HEALTHeLINK and HEALTHeNET for the duration that support is purchased. To retain the ability for those users to access the HEALTHeCOMMUNITY Portal, please email the following to your Account Manager:

  • Proof of purchase for extended Windows 7 support
  • Duration of support received
  • List of every user that will continue to access from a Windows 7 machine

Please note access is granted on a per-user basis and not at the workstation level. If two users share a machine and only one username is provided, the other user will not be able to access until their username is provided.

If you have any questions, please feel free to reach out for clarification.

Original update from February 2020

As of January 14th, Microsoft has discontinued support for Windows 7, which means that machines running the operating system will no longer receive technical support, software updates or security patches. If you are using a Windows 7 machine, please encourage your IT team to upgrade to a stable operating system as soon as possible. While Microsoft is offering extended support to those who pay, it is a fallback for those who need extended time to transition to a stable operating system. Because HEALTHeLINK is not able to identify which Windows 7 machines are receiving extended support, we will be blocking access to the HEALTHeCOMMUNITY Portal and its associated applications from Windows 7 machines. We are coordinating with participants to understand the timeline for removing Windows 7 access, but plan on blocking access within the next 3 to 6 months.