Attention: Immediate Action Required – TLS 1.2 Security Deadline – April 2, 2018

Last updated on April 26th, 2018 at 04:35 pm CT

[Update 04.26.2018]
Immediate Action Required – TLS 1.2 Deadlines Extended

Review Immediately – PCI Compliance and TLS 1.2 Security Deadlines Extended
In the event your location cannot meet these deadlines, please immediately reach out to us at customer.support@experianhealth.com so that we can audit the progress of your required upgrades.

Financial Products, Extended Deadline – Friday, May 4, 2018
Due to PCI Compliance and TLS 1.2 Security Requirements, clients or end users who process payments using any of our Financial Products (PaymentSafe, Link2Gov or L2G, Concord/First Data, Patient Self-Service, Cash Tracking) must take the following actions. In consideration of efforts being made by our clients to achieve compliance, please be advised of the following:

  • Browsers must be TLS1.2 compliant by 5/4.
  • Whitelisting of Domains and IPs need to be Added or Updated by 5/4.
  • NextBar and PIC updates must be updated by 6/30.

Please inform and communicate with your IT Staff and/or Network Administrators, to ensure that each of the following URLs and IP addresses are included and/or added in your Network Configuration and “Whitelisted” for any of your network proxy servers and firewalls. To avoid any service disruption and/or end-user access, please complete this action prior to Friday, May 4,2018.

URL/Domain – paymentsafe.experianhealth.com
Whitelist IP Range – 199.96.232.175/199.96.233.175

URL/Domain – collections.ecarenext.com
Whitelist IP Range – 199.96.232.176/199.96.233.176

Non-Financial Products, Deadline by June 30, 2018
Clients who do not have our Financial Products, must complete their upgrades by: June 30, 2018.

  • Browsers must be TLS1.2 compliant by 6/30
  • NextBar and PIC updates must be updated by 6/30

Download – TLS 1.2 Readiness Document
Includes Instructions, Checklist, FAQs, Compatibility, and Product Testing


Product Specific Actions Required for TLS 1.2 Deadlines

eCare NEXT Bar and IntelliSource (PIC)
In addition to enabled TLS 1.2 Internet Browsers, eCare NEXT (Click-Once, MSI, IPS), IntelliSource, and Medical Necessity clients must upgrade their applications.   Instructions for enabling and testing TLS 1.2 can be downloaded in our TLS 1.2 Readiness Document, that provides Checklist, FAQs, Compatibility, and Product Testing.

  • If you have Financial Products –
    Your Deadline is May 4, 2018 to Upgrade Your Browser and NextBar/PIC.
  • If you don’t have Financial Products –
    Your Deadline is June 30, 2018 to Upgrade Your Browser and NextBar/PIC.

Medical Necessity
Use this link to download the TLS 1.2 requirements and upgrade instructions for the Medical Necessity – Thin Client.  This is only for clients who use the Legacy Order Checker application (a/k/a Healthworks and IntelliSource Medical Necessity). This update does not apply to clients who use Order Checker within their eCare NEXT platform.


[Previously Posted]

 

See TLS 1.2 Update, March 15, 2018


Please Read.   Approaching TLS 1.2 Security Deadline, set for April 2, 2018.
We want to remind you about our ongoing TLS 1.2 project and to ensure you are aware that this initiative requires your immediate attention.  Experian Health is focused on helping our customers improve their security by using the latest security protocols. At Experian Health, we take the protection of our customer’s data very seriously. The disablement of TLS 1.0 and TLS 1.1 is being undertaken so we can maintain the highest security standards and promote the safety of your data as well as align with industry-wide best practices. This phased approach will prevent older encryption protocols from being used to access Experian Health services within inbound and outbound connections.

TLS1.2 – Project FAQs and Preparation Checklist – 12062017

To avoid disruption, you should ensure that all minimum TLS 1.2 requirements are met by April 2, 2018.  Please take immediate action to ensure that your internal systems are tested with TLS 1.2 today.  If you cannot meet TLS 1.2 protocol requirements, you will not be able to access Experian Health systems after this date.

Clients will be required to perform the necessary web browser, software specific updates, and .NET upgrades before 04/02/2018. Your users should not experience an impact accessing Experian Health in your browser(s) unless you are using a non-supported browser, have disabled the supported encryption protocols in the browser or have not upgraded to minimum .NET 4.6.2 framework required for new NEXT bar, PIC and Smart Agent deployments.

New versions of the NEXT, PIC and Smart Agent have been made available.

eCare Next and IntelliSource TLS Upgrade Notification
Please contact our customer support team to begin your TLS 1.2 compliance testing via eCare NEXT. This is a critical step if you use eCare NEXT (click-once, MSI, IPS) or IntelliSource. It is imperative that we require your assistance in testing this security update. Simple testing can only be performed by using a single user account at your facility. This will allow you to work directly with our team to confirm and make certain that our solutions work for you once we mandate these changes on Monday, April 2nd, 2018.

Click here for a tutorial Instructions and eCare NEXT Bar and IntelliSource TLS12 Upgrade Requirements 
For more information, contact us at customer.support@experianhealth.com

Medical Necessity – Thin Client TLS Upgrade Notification
The requirements and instructions to upgrade Medical Necessity Thin Client are available by clicking here. This is only for clients who use the Legacy Order Checker application (a/k/a Healthworks and IntelliSource Medical Necessity). This update does not apply to clients running Order Checker within the eCare Next platform.  This upgrade needs to be completed and tested prior to Monday, April 2nd, 2018. For more information, contact us at compliance.support@experianhealth.com.

Search America – TLS Upgrade Notification
As necessary, please forward this message to the individual responsible for performing IT and security updates within your organization.  Due to a series of vulnerabilities in early Transport Layer Security (TLS) that no longer meet minimum security standards, Experian Health is disabling support of TLS 1.0 and TLS 1.1.

The most common way a user will be impacted is if they are still using Internet Explorer (IE) 7 or older, these browsers will not work once TLS 1.2 cutover happens.  For SearchAmerica specific questions, contact us at ehccustomercare@experian.com