January 4, 2018
Subject: Meltdown and Spectre Computer Vulnerabilities
Dear Valued Customer,
By now, you have likely heard the news about the “Meltdown” and “Spectre” computer vulnerabilities. Both are “side channel” exploits, meaning they do not access protected data directly, rather, cause the system processor to operate in a way that allows for the observation and timing of visible characteristics to infer the protected data.
InTouch Health Teams are closely monitoring for the general availability of patches for all affected systems and software. Upon patch availability, InTouch Health will:
Prior to the availability of patching and firmware updates, InTouch Health will continue to limit and mitigate immediate risk by following common security best practices, including:
Further, InTouch Health has verified that our cloud hosting partners have already taken appropriate action to correct and/or protect against Meltdown and Spectre based threats.
If you have questions, comments, or concerns please contact your account executive or other designated InTouch Health point of contact.
Thank you for your patience and continued support.
May 16, 2017
Re: WannaCry Ransomware Virus
Dear Valued Customer,
InTouch Health has not been impacted by the WannaCry ransomware virus. InTouch Health became aware of WannaCry the morning of Friday, May 12, 2017 and took the following proactive, preventive actions:
The proliferation of the WannaCry virus is primarily through a Remote Desktop Protocol (RDP) vulnerability and through Server Message Block (SMB) shares. InTouch Health does not allow system level access to map network drives via SMB or RDP access for applications containing patient health information (PHI). The operating systems these applications use are predominantly Linux based, and are not directly susceptible to this WannaCry threat.
At InTouch Health, we pride ourselves on secure, reliable connections, and actively monitor our networks to ensure a smooth experience for both our clinician and patient users. Should you have any questions, please review the FBI Flash, or email me directly.
Sr. Director, Information Technology