Updates

Microsoft Customer Guidance for WannaCrypt Attacks

Windows XP SP3 Embedded Security Update 05/13/2017:

Download Security Update

Models: DRSHD, DRSHD 1080p (Software Ver. 5.x), HDMD Bluray, HDMD 1080p, EvolutionHD (Software Ver. 2.x)

 

Windows 7 Embedded Security Update 03/14/2017:

Download Security Update

Models: DRSHD 1080p, (Software Ver. 6.x) HDMD PRO, EvolutionHD (Software Ver. 3.x)
Note: Please re-apply this patch after every recovery

 

Windows 10 Enterprise Security Update 03/10/2017:

Download Security Update

Models: 4Klearity

 
If you have an MDRS4 or first generation HDMD, contact support@medxchange.com

 

Update Instructions

 

Upgrades

DRSHD 1080p Upgrade Instructions 6/21/18:

Important Information about the CyberSecurity of your Evolution4K

June 22, 2018
Dear valued Evolution4K user,

We strive to offer cutting edge reliable medical devices to the benefit for our customers. We are also doing our utmost to follow existing regulations and laws to ensure maximum safety in all areas of our medical devices including CyberSecurity. The ever-evolving threats in that area requires that we always attempt to stay a step ahead of new developments whenever possible. We pride ourselves to offer state-of-art CyberSecurity in our existing and upcoming products. This letter addresses the CyberSecurity status of your Evolution4K.

We want to make sure we follow the latest HIPPA and upcoming GDPR regulations. Therefore, we evaluated and investigated if the Evolution4K requires either upgrades/updates or/and instructions what measures to take to enhance the CyberSecurity status of your device.

The objective is to close any potential attack vector(s) due to the many high-profile hacking incidents (e.g. ransomware etc) to lift the bar as high as possible to protect ePHI and deny potential attackers to use the device as launch pad to attack other devices or network.

These are the CyberSecurity related risk factors, potential attack vectors:

  • To use device when incorrectly configured or not secured as per best HIPAA required cyber security practices as jump platform to attack other devices in access range.
  • To compromise PI (patient information) when not following correct setup instructions or best HIPAA cyber security practices. That includes physical access procedures, network procedures and handling data storage in case of device repair needs or disposal after end of life.

These are the steps WE can and will take to remedy and/or mitigate the risk:

  • ePHI will be encrypted at rest and transit (archiving to network locations excluded).
  • User roles based on principles of separation of duties and least privilege to restrict access to user functions.
  • Activity logging (auditing).
  • Session timeout.
  • Firewall configured, deny all, allow by exception.
  • Default boot environment is restricted user account (restricted run level).

These are the recommended steps YOU should complete to remedy and/or mitigate the risks to achieve maximum safety:

  • Physical security to deny unauthorized access or theft of the Evolution4K device to protect ePHI.
  • Provide network security to deny unauthorized access, prohibit the Evolution4K device to be used as an attack platform to compromise other devices critical to the IT infrastructure and to protect ePHI.
  • Periodically apply security patches.
  • Change all default passwords (software admin account).
  • See the CyberSecurity documentation for details (for administrators only) – Reference document U5020-02 – CyberSecurity Guide.
  • Utilize archiving and automatic deletion features to regularly back up and purge case data as the system is not intended to serve as a long-term storage device.

The Evolution4K continues to be CyberSecurity safe after the above recommended options are implemented. If you have any questions, please contact our Customer Technical Support at support@medxchange.com or 1-888-982-4469.

Sincerely,
Med X Change, Inc.
525 8th Street West
Bradenton, FL 34205 USA

Important Information about the CyberSecurity of your 4Klearity

May 25, 2018
Dear valued 4Klearity user,

We strive to offer cutting edge reliable medical devices to the benefit for our customers. We are also doing our utmost to follow existing regulations and laws to ensure maximum safety in all areas of our medical devices including CyberSecurity. The ever-evolving threats in that area requires that we always attempt to stay a step ahead of new developments whenever possible. We pride ourselves to offer state-of-art CyberSecurity in our existing and upcoming products. This letter addresses the CyberSecurity status of your 4Klearity.

We want to make sure we follow the latest HIPPA and GDPR regulations. Therefore, we evaluated and investigated if the 4Klearity requires either upgrades/updates or/and instructions what measures to take to enhance the CyberSecurity status of your device.

The objective is to close any potential attack vector(s) due to the many high-profile hacking incidents (e.g. ransomware etc) to lift the bar as high as possible to protect ePHI and deny potential attackers to use the device as launch pad to attack other devices or network.

These are the CyberSecurity related risk factors, potential attack vectors:

  • To use device when incorrectly configured or not secured as per best HIPAA and GDPR required CyberSecurity practices as jump platform to attack other devices in access range.
  • To compromise PI (patient information) when not following correct setup instructions or best HIPAA and GDPR CyberSecurity practices. That includes physical access procedures, network procedures and handling data storage in case of device repair needs or disposal after end of life.

These are the steps WE can and will take to remedy and/or mitigate the risk:

  • ePHI will be encrypted at rest and transit (archiving to network locations excluded).
  • User roles based on principals of separation of duties and least privilege to restrict access to user functions.
  • Activity logging (auditing).
  • Session timeout.
  • Firewall configured, deny all, allow by exception.
  • Only IT Admin users have access to the operating system through credentials.
  • Default boot environment is restricted user account (restricted run level).

These are the recommended steps YOU should complete to remedy and/or mitigate the risks to achieve maximum safety:

  • Physical security to deny unauthorized access or theft of the 4Klearity device to protect ePHI.
  • Provide network security to deny unauthorized access, prohibit the 4Klearity device to be used as an attack platform to compromise other devices critical to the IT infrastructure and to protect ePHI.
  • Periodically apply security patches – Refer to Admin user guide U5021-11.
  • Change all default passwords (software admin account, bios and any other default passwords).
  • See the CyberSecurity documentation for details (for administrators only) – Reference document U5021-12 – CyberSecurity Guide.
  • Utilize archiving and automatic deletion features to regularly back up and purge case data as the system is not intended to serve as a long-term storage device.

The 4Klearity continues to be CyberSecurity safe after the above recommended options are implemented. If you have any questions, please contact our Customer Technical Support at support@medxchange.com or 1-888-982-4469.

Sincerely,
Med X Change, Inc.
525 8th Street West
Bradenton, FL 34205 USA

Important Information about the CyberSecurity of your CMS9000

May 25, 2018
Dear valued CMS9000 user,

We strive to offer cutting edge, reliable medical devices to the benefit of our customers. We are also doing our utmost to follow existing regulations and laws to ensure maximum safety in all areas of our medical devices including CyberSecurity. The ever-evolving threats in that particular area requires that we always attempt to stay a step ahead of new developments whenever possible. We pride ourselves to offer state-of-art CyberSecurity in our existing and upcoming products. This particular letter addresses the CyberSecurity status of your CMS9000.

We want to make sure we follow the latest HIPPA and GDPR regulations. Therefore, we evaluated and investigated if the CMS9000 requires either upgrades/updates or/and instructions what measures to take to enhance the CyberSecurity status of your device.

The objective is to close any potential attack vector(s) due to the many high-profile hacking incidents (e.g. ransomware etc) to lift the bar as high as possible to protect ePHI and deny potential attackers from using the device as launch pad to attack other devices or network.

These are the CyberSecurity related risk factors, potential attack vectors:

  • To use device when incorrectly configured or not secured as per best HIPAA and GDPR required cyber security practices as jump platform to attack other devices in access range.
  • To compromise PI (patient information) when not following correct setup instructions or best HIPAA and GDPR cyber security practices. That includes physical access procedures, network procedures and handling data storage in case of device repair needs or disposal after end of life.

These are the steps WE can and will take to remedy and/or mitigate the risk:

  • ePHI will be encrypted at rest and transit (archiving to network locations excluded).
  • User roles based on principals of separation of duties and least privilege to restrict access to user functions.
  • Activity logging (auditing).
  • Session timeout.
  • Giving access to administrators to apply security patches.
  • Firewall configured, deny all, allow by exception.
  • Standard users will login with no access to the OS environment.
  • Default boot environment is restricted user account (restricted run level).

These are the recommended steps YOU should complete to remedy and/or mitigate the risks to achieve maximum safety:

  • Physical security to deny unauthorized access or theft of the CMS9000 device to protect ePHI.
  • Provide network security to deny unauthorized access to the CMS9000 to prohibit the device from being used as an attack platform to compromise other devices critical to the IT infrastructure and to protect ePHI.
  • Periodically apply security patches – Reference document U5019-08 – CMS9000 Admin user manual.
  • Change all default passwords (IT Admin account, CMS9000 account, software admin account, BIOS) – Reference document U5019-08 – CMS9000 Admin user manual.
  • See the CyberSecurity documentation for details (for administrators only) – Reference document U5019-09 – CMS9000 CyberSecurity Guide.
  • Utilize archiving and automatic deletion features to regularly back up and purge case data as the system is not intended to serve as a long-term storage device.

The CMS9000 continues to be CyberSecurity safe after the above recommended options are implemented. If you have any questions, please contact our Customer Technical Support at support@medxchange.com or 1-888-982-4469.

Sincerely,
Med X Change, Inc.
525 8th Street West
Bradenton, FL 34205 USA

Important Information about the CyberSecurity of your BL2300HD

March 5, 2018
Dear valued BL2300HD user,

We strive to offer cutting edge reliable medical devices to the benefit for our customers. We are also doing our utmost to follow existing regulations and laws to ensure maximum safety in all areas of our medical devices including CyberSecurity. The ever-evolving threats in that particular area requires that we always attempt to stay a step ahead of new developments whenever possible. We pride ourselves to offer state-of-art CyberSecurity in our existing and upcoming products. This particular letter addresses the CyberSecurity status of your BL2300HD.

The objective is to close any potential attack vector(s) due to the many high-profile hacking incidents (e.g. ransomware etc) to lift the bar as high as possible to protect ePHI and deny potential attackers to use the device as launch pad to attack other devices or network.

We want to make sure we follow the latest HIPPA and upcoming GDPR regulations. Therefore, we evaluated and investigated if the BL2300HD requires either upgrades/updates and/or instructions for measures to take to enhance the CyberSecurity status of your device.

No actions are necessary to enhance the already cyber secure BL2300HD. The BL2300HD network threats are limited, due to an embedded Linux distribution with only the required libraries necessary to run the core application for the purpose of overlaying specific data coming solely from a Stellaris Emulsification Machine. The BL2300HD functions in an ad-hoc network with the only other network client being the Stellaris machine. In short, our application is only tuning in via the network port to listen and respond to commands from the connected Stellaris only. Everything is ignored. The BL2300HD is designed to only accept data from the Stellaris and never send data.

The BL2300HD is deemed CyberSecurity safe by design. If you have any questions, please contact our Customer Technical Support at support@medxchange.com or 1-888-982-4469.

Sincerely,
Med X Change, Inc.
525 8th Street West
Bradenton, FL 34205 USA

Important Information about the CyberSecurity of your HDMD PRO

March 9, 2018
Dear valued HDMD PRO user,

We strive to offer cutting edge reliable medical devices to the benefit for our customers. We are also doing our utmost to follow existing regulations and laws to ensure maximum safety in all areas of our medical devices including CyberSecurity. The ever-evolving threats in that particular area requires that we always attempt to stay a step ahead of new developments whenever possible. We pride ourselves to offer state-of-art CyberSecurity in our existing and upcoming products. This particular letter addresses the CyberSecurity status of your HDMD PRO.

We want to make sure we follow the latest HIPPA and upcoming GDPR regulations. Therefore, we evaluated and investigated if the HDMD PRO requires either upgrades/updates or/and instructions what measures to take to enhance the CyberSecurity status of your device.

The objective is to close any potential attack vector(s) due to the many high-profile hacking incidents (e.g. ransomware etc) to lift the bar as high as possible to protect ePHI and deny potential attackers to use the device as launch pad to attack other devices or network.

These are the CyberSecurity related risk factors, potential attack vectors:

  • To use device when incorrectly configured or not secured as per best HIPAA required cyber security practices as jump platform to attack other devices in access range.
  • To compromise PI (patient information) when not following correct setup instructions or best HIPAA cyber security practices. That includes physical access procedures, network procedures and handling data storage in case of device repair needs or disposal after end of life.

These are the steps WE can and will take to remedy and/or mitigate the risk:

  • ePHI will be encrypted at rest and transit (archiving to network locations excluded).
  • User roles based on principals of separation of duties and least privilege to restrict access to user functions.
  • Activity logging (auditing).
  • Session timeout.
  • Giving access to administrators to apply security patches.
  • Firewall configured, deny all, allow by exception.
  • Standard users will login with no access to the OS environment.
  • Default boot environment is restricted user account (restricted run level).
  • Deny execution from removable media.

These are the recommended steps YOU should complete to remedy and/or mitigate the risks to achieve maximum safety:

  • Physical security to deny unauthorized access or theft of the HDMD PRO device to protect ePHI.
  • Provide network security to deny unauthorized access, prohibit the HDMD PRO device to be used as an attack platform to compromise other devices critical to the IT infrastructure and to protect ePHI.
  • Periodically apply security patches – Reference document UXXX-XX – Admin user manual.
  • Change all default passwords (IT Admin account, HDMD PRO account, software admin account, BIOS) – Reference document UXXXX-XX – Admin user manual.
  • See the CyberSecurity documentation for details (for administrators only) – Reference document UXXXX-XX – CyberSecurity Guide.
  • Utilize archiving and automatic deletion features to regularly back up and purge case data as the system is not intended to serve as a long-term storage device.

The HDMD PRO continues to be CyberSecurity safe after the above recommended options are implemented. If you have any questions, please contact our Customer Technical Support at support@medxchange.com or 1-888-982-4469.

Sincerely,
Med X Change, Inc.
525 8th Street West
Bradenton, FL 34205 USA

Important Information about the CyberSecurity of your EvolutionHD

February 27, 2018
Dear valued EvolutionHD user,

We strive to offer cutting edge reliable medical devices to the benefit for our customers. We are also doing our utmost to follow existing regulations and laws to ensure maximum safety in all areas of our medical devices including CyberSecurity. The ever-evolving threats in that particular area requires that we always attempt to stay a step ahead of new developments whenever possible. We pride ourselves to offer state-of-art CyberSecurity in our existing and upcoming products. This particular letter addresses the CyberSecurity status of your EvolutionHD.

We want to make sure we follow the latest HIPPA and upcoming GDPR regulations. Therefore, we evaluated and investigated if the EvolutionHD requires either upgrades/updates or/and instructions what measures to take to enhance the CyberSecurity status of your device.

The objective is to close any potential attack vector(s) due to the many high-profile hacking incidents (e.g. ransomware etc) to lift the bar as high as possible to protect ePHI and deny potential attackers to use the device as launch pad to attack other devices or network.

These are the CyberSecurity related risk factors, potential attack vectors:

  • To use device when incorrectly configured or not secured as per best HIPAA required cyber security practices as jump platform to attack other devices in access range.
  • To compromise PI (patient information) when not following correct setup instructions or best HIPAA cyber security practices. That includes physical access procedures, network procedures and handling data storage in case of device repair needs or disposal after end of life.

These are the steps WE can and will take to remedy and/or mitigate the risk:

  • ePHI will be encrypted at rest and transit (archiving to network locations excluded).
  • User roles based on principals of separation of duties and least privilege to restrict access to user functions.
  • Activity logging (auditing).
  • Session timeout.
  • Giving access to administrators to apply security patches.
  • Firewall configured, deny all, allow by exception.
  • Standard users will login with no access to the OS environment.
  • Default boot environment is restricted user account (restricted run level).
  • Deny execution from removable media.

These are the recommended steps YOU should complete to remedy and/or mitigate the risks to achieve maximum safety:

  • Physical security to deny unauthorized access or theft of the EvolutionHD device to protect ePHI.
  • Provide network security to deny unauthorized access, prohibit the EvolutionHD device to be used as an attack platform to compromise other devices critical to the IT infrastructure and to protect ePHI.
  • Periodically apply security patches – Reference document U5012-72 – Admin user manual.
  • Change all default passwords (IT Admin account, EvoHD account, software admin account, BIOS) – Reference document U5012-72 – Admin user manual.
  • See the CyberSecurity documentation for details (for administrators only) – Reference document U5012-73 – CyberSecurity Guide.
  • Utilize archiving and automatic deletion features to regularly back up and purge case data as the system is not intended to serve as a long-term storage device.

The EvolutionHD continues to be CyberSecurity safe after the above recommended options are implemented. If you have any questions, please contact our Customer Technical Support at support@medxchange.com or 1-888-982-4469.

Sincerely,
Med X Change, Inc.
525 8th Street West
Bradenton, FL 34205 USA

Important Information about the CyberSecurity of your DRSHD 1080p

March 9, 2018
Dear valued DRSHD 1080p user,

We strive to offer cutting edge reliable medical devices to the benefit for our customers. We are also doing our utmost to follow existing regulations and laws to ensure maximum safety in all areas of our medical devices including CyberSecurity. The ever-evolving threats in that particular area requires that we always attempt to stay a step ahead of new developments whenever possible. We pride ourselves to offer state-of-art CyberSecurity in our existing and upcoming products. This particular letter addresses the CyberSecurity status of your DRSHD 1080p.

We want to make sure we follow the latest HIPPA and upcoming GDPR regulations. Therefore, we evaluated and investigated if the DRSHD 1080p requires either upgrades/updates or/and instructions what measures to take to enhance the CyberSecurity status of your device.

The objective is to close any potential attack vector(s) due to the many high-profile hacking incidents (e.g. ransomware etc) to lift the bar as high as possible to protect ePHI and deny potential attackers to use the device as launch pad to attack other devices or network.

These are the CyberSecurity related risk factors, potential attack vectors:

  • To use device when incorrectly configured or not secured as per best HIPAA required cyber security practices as jump platform to attack other devices in access range.
  • To compromise PI (patient information) when not following correct setup instructions or best HIPAA cyber security practices. That includes physical access procedures, network procedures and handling data storage in case of device repair needs or disposal after end of life.

These are the steps WE can and will take to remedy and/or mitigate the risk:

  • ePHI will be encrypted at rest and transit (archiving to network locations excluded).
  • User roles based on principals of separation of duties and least privilege to restrict access to user functions.
  • Activity logging (auditing).
  • Session timeout.
  • Giving access to administrators to apply security patches.
  • Firewall configured, deny all, allow by exception.
  • Standard users will login with no access to the OS environment.
  • Default boot environment is restricted user account (restricted run level).
  • Deny execution from removable media.

These are the recommended steps YOU should complete to remedy and/or mitigate the risks to achieve maximum safety:

  • Physical security to deny unauthorized access or theft of the DRSHD 1080p device to protect ePHI.
  • Provide network security to deny unauthorized access, prohibit the DRSHD 1080p device to be used as an attack platform to compromise other devices critical to the IT infrastructure and to protect ePHI.
  • Periodically apply security patches – Reference document UXXXX-XX – Admin user manual.
  • Change all default passwords (IT Admin account, DRSHD 1080p account, software admin account, BIOS) – Reference document UXXX-XX – Admin user manual.
  • See the CyberSecurity documentation for details (for administrators only) – Reference document UXXXX-XX – CyberSecurity Guide.
  • Utilize archiving and automatic deletion features to regularly back up and purge case data as the system is not intended to serve as a long-term storage device.

The DRSHD 1080p continues to be CyberSecurity safe after the above recommended options are implemented. If you have any questions, please contact our Customer Technical Support at support@medxchange.com or 1-888-982-4469.

Sincerely,
Med X Change, Inc.
525 8th Street West
Bradenton, FL 34205 USA

Important Information about the CyberSecurity of your Legacy System*

March 27, 2018
Dear valued Legacy System user,

We strive to offer cutting edge reliable medical devices to the benefit for our customers. We are also doing our utmost to follow existing regulations and laws to ensure maximum safety in all areas of our medical devices including CyberSecurity. The ever-evolving threats in that particular area requires that we always attempt to stay a step ahead of new developments whenever possible. We pride ourselves to offer state-of-art CyberSecurity in our existing and upcoming products. This particular letter addresses the CyberSecurity status of your Legacy System.

We want to make sure we follow the latest HIPPA and upcoming GDPR regulations. Therefore, we evaluated and investigated the Legacy System and came to the finding that CyberSecurity status depends in part on you following the steps outlined below for your device. Legacy systems such as yours cannot be upgraded to adhere to the latest CyberSecurity requirements at the device level.

OUR LATEST PRODUCTS HAVE BEEN DESIGNED FROM THE GROUND UP WITH CYBERSECURITY IN MIND.

The objective is to close any potential attack vector(s) due to the many high-profile hacking incidents (e.g. ransomware etc.) to lift the bar as high as possible to protect ePHI and deny potential attackers to use the device as launch pad to attack other devices or network. Please read our recommendations below.

These are the CyberSecurity related risk factors, potential attack vectors:

  • To use device when incorrectly configured or not secured as per best HIPAA required CyberSecurity practices as jump platform to attack other devices in access range.
  • To compromise PI (patient information) when not following HIPAA CyberSecurity requirements. This includes physical access procedures, network procedures and handling data storage in case of device repair needs or disposal after end of life.

These are the recommended steps YOU should complete to remedy and/or mitigate the risks to achieve maximum safety:

  • Do not connect your legacy device to a data network to prevent that the system can be used as an attack platform to compromise other devices critical to the IT infrastructure and protect ePHI on other devices and networks.
  • Do not use (store) private patient information (ePHI) on your legacy device. Only create anonymous cases.
  • Purge any stored patient information (ePHI) from your legacy device.
  • Provide network security to deny unauthorized access (see number 1 above), prohibit the legacy device to be used as an attack platform to compromise other devices critical to the IT infrastructure and to protect ePHI.
  • Periodically apply security patches if available and technically possible.

The Legacy System CyberSecurity level of safety depends on the above recommended steps to be implemented. We encourage you to look at our state-of-art systems with the latest CyberSecurity features built-in to adhere to the latest regulations and laws. If you have any questions, please contact our Customer Technical Support at support@medxchange.com or 1-888-982-4469.

Sincerely,
Med X Change, Inc.
525 8th Street West
Bradenton, FL 34205 USA

 

* Legacy Systems include:
  • DRS01 or DRSHD
  • DRS2
  • DRS3 (MDRS3, MDRS3MB)
  • DRS4 or MDRS4, DRS 2nd Gen.
  • HDMD-AIO
  • HDMDB
  • HDMD 1080p