Security Bulletin

Malicious Domain Registration – April 30, 2020

As a result of our constant monitoring and our ongoing efforts to do everything in our power to keep current with our security controls, HEALTHeLINK was recently alerted to what appears to be a malicious domain registration using the domain name wnyhealthellnk.com. As the domain looks very similar to ours, but misspelled, if you were to receive an email from this email domain, it may appear to be legitimate. We are currently petitioning to have the domain removed.

HEALTHeLINK will never email our participants to ask for a password or other personal information. If you do receive what appears to be an email from us to this effect or from this domain, please call the HEALTHeLINK Help Desk at 1-877-895-4724.

We appreciate your confidence in us and be assured we will do everything in our power to stay current with security procedures and we will continue our monitoring.

Windows 7 Access – May 28, 2020

Due to the impact COVID-19 has had on the migration of Windows 7 machines to a stable operating system, the HEALTHeCOMMUNITY Portal will continue to allow access from Windows 7 machines beyond the planned June 1, 2020 discontinuation date.  It is strongly recommended that computers using Windows 7 are upgraded ASAP because of ongoing security concerns.

Effective immediately, users will be able to access HEALTHeLINK using a Windows 7 computer until September 1, 2020 while HEALTHeNET users will be able to access until February 15, 2021. Reminders will be posted and sent out as those dates approach.

Update from May 1, 2020

As with any other end-of-life operating system, Windows 7 has encountered its first critical zero-day attack that will not be patched by Microsoft unless extended support is paid for. In addition, given the COVID-19 situation, bad actors are increasingly attempting to gain access to systems and Windows 7 machines are more vulnerable to such attacks. Accordingly, HEALTHeLINK and HEALTHeNET will block users from accessing the HEALTHeCOMMUNITY Portal with unsupported Windows 7 machines starting June 1, 2020.

We understand that some practices may be in the middle of shifting to Windows 10 or other stable operating systems and that COVID may have impacted these plans. If your organization has purchased extended support, users will be allowed to access HEALTHeLINK and HEALTHeNET for the duration that support is purchased. To retain the ability for those users to access the HEALTHeCOMMUNITY Portal, please email the following to your Account Manager:

  • Proof of purchase for extended Windows 7 support
  • Duration of support received
  • List of every user that will continue to access from a Windows 7 machine

Please note access is granted on a per-user basis and not at the workstation level. If two users share a machine and only one username is provided, the other user will not be able to access until their username is provided.

If you have any questions, please feel free to reach out for clarification.

Original update from February 2020

As of January 14th, Microsoft has discontinued support for Windows 7 which means that the machines running the operating system will no longer receive technical support, software updates or security patches. If you are using a Windows 7 machine, please encourage your IT team to upgrade to a stable operating system as soon as possible. While Microsoft is offering extended support to those who pay, it is a fallback for those that need extended time to transition to a stable operating system. Due to the fact that HEALTHeLINK is not able to identify which Windows 7 machines are receiving extended support, we will be blocking access to the HEALTHeCOMMUNITY Portal and its associated applications from Windows 7 machines. We are coordinating with participants to understand the timeline for removing Windows 7 access, but plan on blocking access within the next 3 to 6 months.