#StopRansomware: Hive Ransomware

This article is contributed. See the original author and article here.

Summary

Actions to Take Today to Mitigate Cyber Threats from Ransomware:

• Prioritize remediating known exploited vulnerabilities.
• Enable and enforce multifactor authentication with strong passwords.
• Close unused ports and remove any application not deemed necessary for day-to-day operations.

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.

FBI, CISA, and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents. Victims of ransomware operations should report the incident to their local FBI field office or CISA.

Download the PDF version of this report: pdf, 852.9 kb.

For a downloadable copy of IOCs, see AA22-321A.stix (STIX, 43.6 kb).

Technical Details

Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 12. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques.

As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information. Hive ransomware follows the ransomware-as-a-service (RaaS) model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks. From June 2021 through at least November 2022, threat actors have used Hive ransomware to target a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

The method of initial intrusion will depend on which affiliate targets the network. Hive actors have gained initial access to victim networks by using single factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols [T1133]. In some cases, Hive actors have bypassed multifactor authentication (MFA) and gained access to FortiOS servers by exploiting Common Vulnerabilities and Exposures (CVE) CVE-2020-12812. This vulnerability enables a malicious cyber actor to log in without a prompt for the user’s second authentication factor (FortiToken) when the actor changes the case of the username.

Hive actors have also gained initial access to victim networks by distributing phishing emails with malicious attachments [T1566.001] and by exploiting the following vulnerabilities against Microsoft Exchange servers [T1190]:

  • CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
  • CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-34523 – Microsoft Exchange Server Privilege Escalation Vulnerability

After gaining access, Hive ransomware attempts to evade detection by executing processes to:

  • Identify processes related to backups, antivirus/anti-spyware, and file copying, and terminate those processes to facilitate file encryption [T1562].
  • Stop the volume shadow copy service and remove all existing shadow copies via vssadmin from the command line or via PowerShell [T1059] [T1490].
  • Delete Windows event logs, specifically the System, Security and Application logs [T1070].

Prior to encryption, Hive ransomware removes virus definitions and disables all portions of Windows Defender and other common antivirus programs in the system registry [T1112].

Hive actors exfiltrate data likely using a combination of Rclone and the cloud storage service Mega.nz [T1537]. In addition to its capabilities against the Microsoft Windows operating system, Hive ransomware has known variants for Linux, VMware ESXi, and FreeBSD.

During the encryption process, a file named *.key (previously *.key.*) is created in the root directory (C: or /root/). Required for decryption, this key file only exists on the machine where it was created and cannot be reproduced. The ransom note, HOW_TO_DECRYPT.txt is dropped into each affected directory and states the *.key file cannot be modified, renamed, or deleted, otherwise the encrypted files cannot be recovered [T1486]. The ransom note contains a “sales department” .onion link accessible through a TOR browser, enabling victim organizations to contact the actors through a live chat panel to discuss payment for their files. However, some victims reported receiving phone calls or emails from Hive actors directly to discuss payment.

The ransom note also warns victims that a leak site, “HiveLeaks”, reachable over TOR, publishes data exfiltrated from victim organizations that do not pay the ransom demand (see figure 1 below). Additionally, Hive actors have used anonymous file sharing sites to disclose exfiltrated data (see table 1 below).

Figure 1: Sample Hive Ransom Note
Table 1: Anonymous File Sharing Sites Used to Disclose Data

https://anonfiles[.]com

https://mega[.]nz

https://send.exploit[.]in

https://ufile[.]io

https://www.sendspace[.]com

https://privatlab[.]net

https://privatlab[.]com

Once the victim organization contacts Hive actors on the live chat panel, Hive actors communicate the ransom amount and the payment deadline. Hive actors negotiate ransom demands in U.S. dollars, with initial amounts ranging from several thousand to millions of dollars. Hive actors demand payment in Bitcoin.

Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organizations who have restored their network without making a ransom payment.

Indicators of Compromise

Threat actors have leveraged the following IOCs during Hive ransomware compromises. Note: Some of these indicators are legitimate applications that Hive threat actors used to aid in further malicious exploitation. FBI, CISA, and HHS recommend removing any application not deemed necessary for day-to-day operations. See tables 2–3 below for IOCs obtained from FBI threat response investigations as recently as November 2022.

Table 2: Known IOCs as of November 2022

Known IOCs – Files

HOW_TO_DECRYPT.txt typically in directories with encrypted files

*.key typically in the root directory, i.e., C: or /root

hive.bat

shadow.bat

asq.r77vh0[.]pw – Server hosted malicious HTA file

asq.d6shiiwz[.]pw – Server referenced in malicious regsvr32 execution

asq.swhw71un[.]pw – Server hosted malicious HTA file

asd.s7610rir[.]pw – Server hosted malicious HTA file

Windows_x64_encrypt.dll

Windows_x64_encrypt.exe

Windows_x32_encrypt.dll

Windows_x32_encrypt.exe

Linux_encrypt

Esxi_encrypt

Known IOCs – Events

System, Security and Application Windows event logs wiped

Microsoft Windows Defender AntiSpyware Protection disabled

Microsoft Windows Defender AntiVirus Protection disabled

Volume shadow copies deleted

Normal boot process prevented

Known IOCs – Logged Processes

wevtutil.exe cl system

wevtutil.exe cl security

wevtutil.exe cl application

vssadmin.exe delete shadows /all /quiet

wmic.exe SHADOWCOPY /nointeractive

wmic.exe shadowcopy delete

bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures

bcdedit.exe /set {default} recoveryenabled no
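The logged processes above translate almost directly into detection rules, but a single vssadmin deletion is also what a storage administrator runs, so the useful signal is the combination on one host in a short window. The following Python is an added example, not part of the advisory: it encodes the Table 2 process, file and registry indicators as regexes with the advisory's ATT&CK IDs, runs them over a constructed, pipe-delimited sample of process-creation and registry-set events (the format and every event are made up for the example; the Windows Defender policy key path in the sample is an assumption, since the advisory names only the value names), and escalates a host to "pre-encryption chain" only when three or more distinct categories fire within 15 minutes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Detection rules derived from the Table 2 IOCs above.
# Each entry: (category, ATT&CK ID used by the advisory, pattern over the command line).
PROCESS_RULES = [
    ("log_clear", "T1070",
     re.compile(r"\bwevtutil(?:\.exe)?\s+cl\s+(?:system|security|application)\b", re.I)),
    ("shadow_delete", "T1490",
     re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow_delete", "T1490",
     re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\b", re.I)),
    ("boot_recovery", "T1490",
     re.compile(r"\bbcdedit(?:\.exe)?\s+/set\s+\{default\}\s+"
                r"(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("hive_binary", "T1486",
     re.compile(r"\b(?:windows_x(?:64|32)_encrypt\.(?:exe|dll)|linux_encrypt|esxi_encrypt"
                r"|hive\.bat|shadow\.bat)\b", re.I)),
]
# Registry rule: value names from the advisory (T1112) set to 1; deliberately path-agnostic.
REGISTRY_RULES = [
    ("defender_off", "T1112",
     re.compile(r"\b(?:DisableAntiSpyware|DisableAntiVirus)\b\D*(?:0x0*1|1)\b", re.I)),
]
RULES_BY_KIND = {"ProcessCreate": PROCESS_RULES, "RegistryValueSet": REGISTRY_RULES}

# Constructed sample telemetry, not real data: timestamp|host|event kind|detail.
# FS01 shows the full pre-encryption chain; WS22 is benign admin activity that must not
# fire; WS31 is a lone shadow-copy deletion. The Defender policy key path is an assumption.
SAMPLE_LOG = r"""
2022-11-10T03:12:07Z|FS01|ProcessCreate|wevtutil.exe cl system
2022-11-10T03:12:07Z|FS01|ProcessCreate|wevtutil.exe cl security
2022-11-10T03:12:08Z|FS01|ProcessCreate|wevtutil.exe cl application
2022-11-10T03:12:09Z|FS01|ProcessCreate|vssadmin.exe delete shadows /all /quiet
2022-11-10T03:12:10Z|FS01|ProcessCreate|wmic.exe SHADOWCOPY /nointeractive
2022-11-10T03:12:11Z|FS01|ProcessCreate|bcdedit.exe /set {default} recoveryenabled no
2022-11-10T03:12:12Z|FS01|RegistryValueSet|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = DWORD (0x00000001)
2022-11-10T03:12:20Z|FS01|ProcessCreate|C:\Users\Public\Windows_x64_encrypt.exe
2022-11-10T09:45:00Z|WS22|ProcessCreate|vssadmin.exe list shadows
2022-11-10T09:46:00Z|WS22|ProcessCreate|wevtutil.exe qe Security /c:20 /f:text
2022-11-10T09:47:00Z|WS22|RegistryValueSet|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = DWORD (0x00000000)
2022-11-10T14:00:00Z|WS31|ProcessCreate|vssadmin.exe delete shadows /all /quiet
"""


def parse_event(line):
    ts, host, kind, detail = line.split("|", 3)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "kind": kind, "detail": detail}


def match_event(event):
    """Return [(category, technique), ...] for every rule the event triggers."""
    return [(cat, tech) for cat, tech, rx in RULES_BY_KIND.get(event["kind"], [])
            if rx.search(event["detail"])]


def analyze(log_text, window=timedelta(minutes=15), min_categories=3):
    """Per host: all hits, the distinct categories and techniques, and `chain`, which is
    True only when >= min_categories distinct categories fire inside `window`.
    A single vssadmin deletion therefore stays a triage item rather than an alert."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        for category, technique in match_event(event):
            per_host[event["host"]].append((event["ts"], category, technique, event["detail"]))

    report = {}
    for host, hits in per_host.items():
        hits.sort(key=lambda h: h[0])
        chain = False
        for i, (t0, _, _, _) in enumerate(hits):
            in_window = {h[1] for h in hits[i:] if h[0] - t0 <= window}
            if len(in_window) >= min_categories:
                chain = True
                break
        report[host] = {
            "hits": hits,
            "categories": {h[1] for h in hits},
            "techniques": {h[2] for h in hits},
            "chain": chain,
        }
    return report


if __name__ == "__main__":
    for host, r in analyze(SAMPLE_LOG).items():
        verdict = "PRE-ENCRYPTION CHAIN, isolate host" if r["chain"] else "isolated hit, triage"
        print(f"{host}: {len(r['hits'])} hit(s), {sorted(r['techniques'])}: {verdict}")
```

Feeding real Sysmon Event ID 1/13 or Security 4688 records only requires replacing `parse_event`; the rules and the windowed correlation are unchanged. The window and the three-category threshold are tuning assumptions, not values from the advisory.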

Table 3: Potential IOC IP Addresses as of November 2022

Note: Some of these observed IP addresses are more than a year old. FBI and CISA recommend vetting or investigating these IP addresses prior to taking forward-looking action like blocking.

Potential IOC IP Addresses for Compromise or Exfil:

84.32.188[.]57

84.32.188[.]238

93.115.26[.]251

185.8.105[.]67

181.231.81[.]239

185.8.105[.]112

186.111.136[.]37

192.53.123[.]202

158.69.36[.]149

46.166.161[.]123

108.62.118[.]190

46.166.161[.]93

185.247.71[.]106

46.166.162[.]125

5.61.37[.]207

46.166.162[.]96

185.8.105[.]103

46.166.169[.]34

5.199.162[.]220

93.115.25[.]139

5.199.162[.]229

93.115.27[.]148

89.147.109[.]208

83.97.20[.]81

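Tables 1 to 3 publish their indicators defanged with "[.]", and a pasted copy of Table 3 tends to carry debris that silently breaks an exact-match block list. The following Python is an added example, not part of the advisory: it refangs and validates a subset of those indicators (a few Table 3 entries are reproduced with the ";" and "/span>" debris and one duplicate on purpose), deduplicates them, and checks a constructed connection log against them. Staging servers and observed IPs are kept apart from the file-sharing sites, which are legitimate services and deserve an egress-volume review rather than a blanket block, in the spirit of the Table 3 note about vetting before blocking. The log lines, the 203.0.113.x and 198.51.100.x destinations and the hostnames under mega.nz are constructed for the example.

```python
import ipaddress
import re

# Indicators as they appear on the page (Tables 1-3), defanged; a few Table 3 entries are
# reproduced with the page's extraction debris (";" and "/span>") and one duplicate on purpose.
RAW_IPS = [
    "84.32.188[.]57", "84.32.188[.]238", "93.115.26[.]251", "185.8.105[.]67",
    "5.199.162[.]229;", "158.69.36[.]149/span>", "84.32.188[.]57", "46.166.161[.]93",
]
RAW_STAGING_DOMAINS = ["asq.r77vh0[.]pw", "asq.d6shiiwz[.]pw", "asq.swhw71un[.]pw", "asd.s7610rir[.]pw"]
RAW_SHARING_SITES = [
    "https://anonfiles[.]com", "https://mega[.]nz", "https://send.exploit[.]in", "https://ufile[.]io",
    "https://www.sendspace[.]com", "https://privatlab[.]net", "https://privatlab[.]com",
]
# A staging domain is cheap to block; a sharing site is legitimate infrastructure and a year-old
# IP may have been reassigned, so those get a review step first (per the Table 3 note).
ACTION = {"ip": "vet age/ownership, then block", "staging_domain": "block at DNS/proxy",
          "sharing_site": "review egress volume and account before blocking"}

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
HOST = re.compile(r"^(?:https?://)?([a-z0-9][a-z0-9.-]*[a-z0-9])", re.I)


def refang(ioc):
    """Undo the usual defanging conventions so the value can be compared to live logs."""
    s = ioc.strip()
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", ".", s, flags=re.I)
    return re.sub(r"^hxxp", "http", s, flags=re.I)


def defang(value):
    """Make an indicator safe to paste into a report or ticket."""
    return value.replace("http", "hxxp").replace(".", "[.]")


def clean_ip(raw):
    """Leading dotted quad, validated; None for debris such as 'not an ip' or 999.1.1.1."""
    m = IPV4.match(refang(raw))
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(m.group(0)))
    except ipaddress.AddressValueError:
        return None


def clean_domain(raw):
    m = HOST.match(refang(raw))
    return m.group(1).lower() if m else None


def build_watchlist():
    """Deduplicated, refanged indicator sets keyed by kind."""
    return {
        "ip": {ip for ip in map(clean_ip, RAW_IPS) if ip},
        "staging_domain": {d for d in map(clean_domain, RAW_STAGING_DOMAINS) if d},
        "sharing_site": {d for d in map(clean_domain, RAW_SHARING_SITES) if d},
    }


def host_matches(host, domains):
    """Exact or subdomain match; 'notmega.nz' must not match 'mega.nz'."""
    host = host.lower()
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


# Constructed connection log (not real traffic): timestamp,src,dst,dport,tls_sni_or_host.
# Destination addresses use documentation ranges (203.0.113.0/24, 198.51.100.0/24).
SAMPLE_CONN_LOG = """
2022-11-10T03:05:11Z,10.20.5.17,84.32.188.57,443,-
2022-11-10T03:07:02Z,10.20.5.17,203.0.113.7,443,asq.r77vh0.pw
2022-11-10T03:40:00Z,10.20.5.17,198.51.100.20,443,g.api.mega.nz
2022-11-10T08:00:00Z,10.20.7.3,198.51.100.44,443,www.example.com
2022-11-10T08:02:00Z,10.20.7.3,203.0.113.99,443,notmega.nz
"""


def scan_connections(log_text, watchlist):
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _dport, host = line.split(",")
        if dst in watchlist["ip"]:
            hits.append({"ts": ts, "src": src, "kind": "ip", "indicator": dst, "action": ACTION["ip"]})
        for kind in ("staging_domain", "sharing_site"):
            d = host_matches(host, watchlist[kind])
            if d:
                hits.append({"ts": ts, "src": src, "kind": kind, "indicator": d, "action": ACTION[kind]})
    return hits


if __name__ == "__main__":
    for h in scan_connections(SAMPLE_CONN_LOG, build_watchlist()):
        print(f"{h['ts']} {h['src']} -> {defang(h['indicator'])} [{h['kind']}]: {h['action']}")
```

The same host on the same morning reaching an observed IP, a staging domain and then a sharing site is the exfiltration pattern the advisory describes (Rclone to Mega.nz), which is why the scan reports per source rather than just counting matches.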

MITRE ATT&CK TECHNIQUES

See table 4 for all referenced threat actor tactics and techniques listed in this advisory.

Table 4: Hive Actors ATT&CK Techniques for Enterprise

Initial Access

  • External Remote Services (T1133): Hive actors gain access to victim networks by using single factor logins via RDP, VPN, and other remote network connection protocols.
  • Exploit Public-Facing Application (T1190): Hive actors gain access to victim networks by exploiting the following Microsoft Exchange vulnerabilities: CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, CVE-2021-42321.
  • Phishing: Spearphishing Attachment (T1566.001): Hive actors gain access to victim networks by distributing phishing emails with malicious attachments.

Execution

  • Command and Scripting Interpreter (T1059): Hive actors stop the volume shadow copy service and remove all existing shadow copies via vssadmin from the command line or via PowerShell.

Defense Evasion

  • Indicator Removal on Host (T1070): Hive actors delete Windows event logs, specifically the System, Security and Application logs.
  • Modify Registry (T1112): Hive actors set the registry values DisableAntiSpyware and DisableAntiVirus to 1.
  • Impair Defenses (T1562): Hive actors seek out processes related to backups, antivirus/anti-spyware, and file copying and terminate those processes to facilitate file encryption.

Exfiltration

  • Transfer Data to Cloud Account (T1537): Hive actors exfiltrate data from victims, likely using a combination of Rclone and the cloud storage service Mega.nz.

Impact

  • Data Encrypted for Impact (T1486): Hive actors deploy a ransom note, HOW_TO_DECRYPT.txt, into each affected directory which states that the *.key file cannot be modified, renamed, or deleted, otherwise the encrypted files cannot be recovered.
  • Inhibit System Recovery (T1490): Hive actors stop the volume shadow copy service and remove all existing shadow copies via vssadmin from the command line or via PowerShell.

Mitigations

FBI, CISA, and HHS recommend organizations, particularly in the HPH sector, implement the following to limit potential adversarial use of common system and network discovery techniques and to reduce the risk of compromise by Hive ransomware:

  • Verify Hive actors no longer have access to the network.
  • Install updates for operating systems, software, and firmware as soon as they are released. Prioritize patching VPN servers, remote access software, virtual machine software, and known exploited vulnerabilities. Consider leveraging a centralized patch management system to automate and expedite the process.
  • Require phishing-resistant MFA for as many services as possible—particularly for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups.
  • If used, secure and monitor RDP.
    • Limit access to resources over internal networks, especially by restricting RDP and using virtual desktop infrastructure.
    • After assessing risks, if you deem RDP operationally necessary, restrict the originating sources and require MFA to mitigate credential theft and reuse.
    • If RDP must be available externally, use a VPN, virtual desktop infrastructure, or other means to authenticate and secure the connection before allowing RDP to connect to internal devices.
    • Monitor remote access/RDP logs, enforce account lockouts after a specified number of attempts to block brute force campaigns, log RDP login attempts, and disable unused remote access/RDP ports.
    • Be sure to properly configure devices and enable security features.
    • Disable ports and protocols not used for business purposes, such as RDP Port 3389/TCP.
  • Maintain offline backups of data, and regularly test backup and restoration. This practice ensures the organization is not severely interrupted and is not left with only irretrievable data.
  • Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure. Ensure your backup data is not already infected.
  • Monitor cyber threat reporting regarding the publication of compromised VPN login credentials and change passwords/settings if applicable.
  • Install and regularly update anti-virus or anti-malware software on all hosts.
  • Enable PowerShell Logging including module logging, script block logging and transcription.
  • Install an enhanced monitoring tool such as Sysmon from Microsoft for increased logging.
  • Review the following additional resources.
    • The joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity provides additional guidance when hunting or investigating a network and common mistakes to avoid in incident handling.
    • The Cybersecurity and Infrastructure Security Agency-Multi-State Information Sharing & Analysis Center Joint Ransomware Guide covers additional best practices and ways to prevent, protect, and respond to a ransomware attack.
    • StopRansomware.gov is the U.S. Government’s official one-stop location for resources to tackle ransomware more effectively.

If your organization is impacted by a ransomware incident, FBI, CISA, and HHS recommend the following actions.

  • Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected.
  • Turn off other computers and devices. Power-off and segregate (i.e., remove from the network) the infected computer(s). Power-off and segregate any other computers or devices that share a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering-off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists.
  • Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.

In addition, FBI, CISA, and HHS urge all organizations to apply the following recommendations to prepare for, mitigate/prevent, and respond to ransomware incidents.

Preparing for Cyber Incidents

  • Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
  • Implement allowlisting policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy.
  • Document and monitor external remote connections. Organizations should document approved solutions for remote management and maintenance, and immediately investigate if an unapproved solution is installed on a workstation.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, the cloud).

Identity and Access Management

  • Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to comply with National Institute of Standards and Technology (NIST) standards for developing and managing password policies.
    • Use longer passwords, at least 8 characters and no more than 64 characters in length.
    • Store passwords in hashed form using industry-recognized password managers.
    • Salt stored password hashes, including those for shared login credentials.
    • Avoid reusing passwords.
    • Implement multiple failed login attempt account lockouts.
    • Disable password “hints.”
    • Refrain from requiring password changes more frequently than once per year unless a password is known or suspected to be compromised.
      Note: NIST guidance suggests favoring longer passwords instead of requiring regular and frequent password resets. Frequent password resets are more likely to result in users developing password “patterns” cyber criminals can easily decipher.
    • Require administrator credentials to install software.
  • Require phishing-resistant multifactor authentication for all services to the extent possible, particularly for webmail, virtual private networks, and accounts that access critical systems.
  • Review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts.
  • Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege.
  • Implement time-based access for accounts set at the admin level and higher. For example, the Just-in-Time (JIT) access method provisions privileged access when needed and can support enforcement of the principle of least privilege (as well as the Zero Trust model). This is a process where a network-wide policy is set in place to automatically disable admin accounts at the Active Directory level when the account is not in direct need. Individual users may submit their requests through an automated process that grants them access to a specified system for a set timeframe when they need to support the completion of a certain task. 
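As an added example (not from the advisory), the following Python shows the storage and lockout points of the list above in code: a per-user random salt with scrypt from the standard library, a constant-time comparison on verify, the 8-to-64 character length bounds, a reuse check against previous hashes, and a sliding-window lockout after repeated failures with no forced rotation. The threshold of 5 failures in 15 minutes and the scrypt cost parameters are assumptions; the advisory gives no numbers.

```python
import hashlib
import hmac
import os

MIN_LEN, MAX_LEN = 8, 64          # NIST SP 800-63B length bounds cited above
LOCKOUT_THRESHOLD = 5             # assumption: 5 failures ...
LOCKOUT_WINDOW_SECONDS = 15 * 60  # ... within 15 minutes locks the account
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}   # assumption; raise n as hardware allows


def hash_password(password):
    """Per-user random salt + scrypt. Salt and cost parameters are stored with the hash
    so the cost can be raised later without a migration flag day."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, dklen=32, **SCRYPT_PARAMS)
    return {"salt": salt.hex(), "hash": digest.hex(), **SCRYPT_PARAMS}


def verify_password(password, record):
    digest = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(record["salt"]),
                            dklen=32, n=record["n"], r=record["r"], p=record["p"])
    return hmac.compare_digest(digest.hex(), record["hash"])   # constant-time compare


def check_password_policy(password, previous_records=()):
    """Length bounds and no reuse; an empty list means the password is acceptable.
    No composition rules and no forced rotation, matching the NIST note above."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("too short")
    if len(password) > MAX_LEN:
        problems.append("too long")
    if any(verify_password(password, rec) for rec in previous_records):
        problems.append("reused")
    return problems


class LockoutTracker:
    """Sliding-window failed-login counter keyed by account; times are epoch seconds."""

    def __init__(self, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW_SECONDS):
        self.threshold, self.window = threshold, window
        self.failures = {}

    def is_locked(self, account, now):
        recent = [t for t in self.failures.get(account, []) if now - t <= self.window]
        self.failures[account] = recent
        return len(recent) >= self.threshold

    def record_failure(self, account, now):
        self.failures.setdefault(account, []).append(now)

    def record_success(self, account):
        self.failures.pop(account, None)


def attempt_login(tracker, account, password, record, now):
    """Returns 'locked', 'ok' or 'denied'. The lock is checked before the hash so a locked
    account cannot be brute-forced, and guesses made while locked do not extend the lock."""
    if tracker.is_locked(account, now):
        return "locked"
    if verify_password(password, record):
        tracker.record_success(account)
        return "ok"
    tracker.record_failure(account, now)
    return "denied"


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    tracker = LockoutTracker()
    for second in range(5):
        print(attempt_login(tracker, "alice", "Password1", stored, now=1_000 + second))
    print(attempt_login(tracker, "alice", "correct horse battery staple", stored, now=1_060))
    print(attempt_login(tracker, "alice", "correct horse battery staple", stored, now=2_000))
```

Checking the lock before computing the hash also keeps a brute-force run from consuming scrypt CPU time on the server; the failure list is pruned on every check so memory stays bounded per account.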

Protective Controls and Architecture

  • Segment networks to prevent the spread of ransomware. Network segmentation can help prevent the spread of ransomware by controlling traffic flows between—and access to—various subnetworks and by restricting adversary lateral movement.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool. To aid in detecting the ransomware, implement a tool that logs and reports all network traffic, including lateral movement activity on a network. Endpoint detection and response (EDR) tools are particularly useful for detecting lateral connections as they have insight into common and uncommon network connections for each host.
  • Install, regularly update, and enable real time detection for antivirus software on all hosts.

Vulnerability and Configuration Management

  • Consider adding an email banner to emails received from outside your organization.
  • Disable command-line and scripting activities and permissions. Privilege escalation and lateral movement often depend on software utilities running from the command line. If threat actors are not able to run these tools, they will have difficulty escalating privileges and/or moving laterally.
  • Ensure devices are properly configured and that security features are enabled.
  • Restrict Server Message Block (SMB) Protocol within the network to only access necessary servers and remove or disable outdated versions of SMB (i.e., SMB version 1). Threat actors use SMB to propagate malware across organizations.

INFORMATION REQUESTED

The FBI, CISA, and HHS do not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. However, the FBI, CISA, and HHS understand that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. Regardless of whether you or your organization decide to pay the ransom, the FBI, CISA, and HHS urge you to promptly report ransomware incidents to your local FBI field office, or to CISA at report@cisa.gov or (888) 282-0870. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under US law, and prevent future attacks. 

The FBI may seek the following information that you determine you can legally share, including:

  • Recovered executable files
  • Live random access memory (RAM) capture
  • Images of infected systems
  • Malware samples
  • IP addresses identified as malicious or suspicious
  • Email addresses of the attackers
  • A copy of the ransom note
  • Ransom amount
  • Bitcoin wallets used by the attackers
  • Bitcoin wallets used to pay the ransom
  • Post-incident forensic reports

DISCLAIMER

The information in this report is being provided “as is” for informational purposes only. FBI, CISA, and HHS do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by FBI, CISA, or HHS.

Revisions

Initial Version: November 17, 2022

CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain 

Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series – Recommended Practices Guide for Customers. This publication follows the August 2022 release of guidance for developers and October 2022 release of guidance for suppliers.

The guidance released today, along with its accompanying fact sheet, provides recommended practices for software customers to ensure the integrity and security of software during the procuring and deployment phases.

The Securing Software Supply Chain Series is an output of the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA. This series complements other U.S. government efforts underway to help the software ecosystem secure the supply chain, such as the software bill of materials (SBOM) community.

CISA encourages all organizations that participate in the software supply chain to review the guidance. See CISA’s Information and Communications Technology (ICT) Supply Chain Risk Management Task Force, ICT Supply Chain Resource Library, and National Risk Management Center (NRMC) webpages for additional guidance.

Setup a Cosmos DB custom endpoint directly from IoT Hub

We are excited to announce public preview support for a Cosmos DB custom endpoint in IoT Hub, available from November 2022. You can now stream your data directly from IoT Hub to Cosmos DB.

Many IoT solutions require extensive downstream data analysis and push data into hyperscale databases. For example, IoT implementations in manufacturing and intelligent transport systems require hyperscale databases with extremely high throughput to process the continuous stream of data. Traditional SQL-based relational databases cannot scale optimally and also become expensive as data volume increases. Cosmos DB is best suited for such cases, where the data needs to be analyzed while it is being written.

Until today, there was no direct way to get IoT device data to Cosmos DB. You had to either set up a custom application or use other tools such as Azure Functions or Azure Stream Analytics to collect the streaming data and then write it to Cosmos DB. This was not only additional overhead but also increased the overall cost of the solution. You don’t need to do this any longer. With the new release, you can:

  • Configure a Cosmos DB account as a custom endpoint within the IoT Hub
  • Use Synthetic Partition Keys to auto-generate partition keys based on your business logic
  • Create routing rules to send data directly to the defined Cosmos DB endpoint

How to configure a Cosmos DB endpoint?

Setting up a Cosmos DB endpoint is straightforward. In the Azure portal, open the IoT Hub blade that you have set up and navigate to the Hub settings. Select “Message Routing” on the left pane, click on “Custom endpoints” and choose “Cosmos DB” from the dropdown list. Once you select Cosmos DB as your preferred endpoint, the screen below appears; configure the endpoint and click Create to complete the process.

Figure 1: Creating a Cosmos DB custom endpoint

Once you have set up the Cosmos DB endpoint, you can use it to set up routes, create routing rules and use all the other functionality available in message routing within IoT Hub.

When should I use Synthetic Partition Keys?

IoT Hub supports writing to Cosmos DB in JSON (if specified in the message content-type) or as Base64 encoded binary. You can also enable Synthetic Partition Keys to create logical partitions of your data automatically based on your business logic and data growth rate.

As Cosmos DB is a hyperscale datastore, all data/documents written to it must contain a field that represents a logical partition. The partition key property name is defined at the Container level and cannot be changed once it has been set. Each logical partition has a maximum size of 20GB. To effectively support high-scale scenarios, you can enable Synthetic Partition Keys for the Cosmos DB endpoint and configure them based on your estimated data volume. For example, in manufacturing scenarios, your logical partition might be expected to approach its max limit of 20 GB within a month. In that case, you can define a Synthetic Partition Key which is a combination of the device id and the month. This key will be automatically added to the partition key field for each new Cosmos DB record, ensuring logical partitions are created each month for each device. 
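The following Python is an added example, not from the post and not IoT Hub's own implementation: it sizes the time component of a synthetic partition key from an estimated per-device write rate so that one logical partition stays under the 20 GB cap, and builds the key for a routed message. The 80% headroom, the `partitionKey` property name and the message shape (`deviceId`, `enqueuedTime`) are assumptions for the example.

```python
from datetime import datetime, timezone

PARTITION_LIMIT_BYTES = 20 * 1024 ** 3    # logical partition cap quoted in the post (20 GB)
# Coarsest bucket first; the chooser stops at the first one whose worst case fits.
GRANULARITIES = (("year", 365.0), ("month", 30.0), ("day", 1.0), ("hour", 1.0 / 24))
KEY_FORMATS = {"year": "%Y", "month": "%Y-%m", "day": "%Y-%m-%d", "hour": "%Y-%m-%dT%H"}


def choose_granularity(bytes_per_message, messages_per_day, headroom=0.8):
    """Return the coarsest time bucket whose worst-case volume for ONE device stays under
    `headroom` of the partition cap. headroom=0.8 is an assumption, not a Cosmos DB rule."""
    daily = bytes_per_message * messages_per_day
    budget = PARTITION_LIMIT_BYTES * headroom
    for name, days in GRANULARITIES:
        if daily * days <= budget:
            return name
    raise ValueError("even hourly partitions would exceed the cap; shard the device id further")


def synthetic_partition_key(device_id, enqueued_utc, granularity):
    """device id + time bucket, e.g. pump-07-2022-11 for monthly partitions, so each
    device gets a fresh logical partition every period instead of one that grows forever."""
    if enqueued_utc.tzinfo is None:
        raise ValueError("enqueued time must be timezone-aware")
    bucket = enqueued_utc.astimezone(timezone.utc).strftime(KEY_FORMATS[granularity])
    return f"{device_id}-{bucket}"


def add_partition_key(message, granularity, key_property="partitionKey"):
    """Return a copy of the routed message with the synthetic key added under the
    container's partition key property. Message shape and property name are assumptions."""
    doc = dict(message)
    enqueued = datetime.fromisoformat(message["enqueuedTime"].replace("Z", "+00:00"))
    doc[key_property] = synthetic_partition_key(message["deviceId"], enqueued, granularity)
    return doc


if __name__ == "__main__":
    # Constructed manufacturing scenario: 2 KB telemetry once a second per device.
    g = choose_granularity(bytes_per_message=2_000, messages_per_day=86_400)
    sample = {"deviceId": "pump-07", "enqueuedTime": "2022-11-17T09:30:00Z", "temp": 71.2}
    print(g, add_partition_key(sample, g))
```

The chooser is deliberately conservative: it uses a worst-case flat write rate and leaves headroom, because once the partition key property is set on the container it cannot be changed, so a bucket that turns out too coarse means a new container and a data migration.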

What next?

Setting up a Cosmos DB endpoint from the Azure portal is available in public preview from November 2022. You can learn more about the functionality in our documentation. We are working towards adding support for setup via the CLI and general availability of Cosmos DB custom endpoints; this is coming soon. You can also reach out to us via the various support tools if you have any questions or require technical support.

We are looking forward to your feedback!

#StopRansomware: Hive

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022. 

Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and—especially—Healthcare and Public Health (HPH).

CISA encourages network defenders to review the CSA and to apply the included mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response. 

CISA Releases Two Industrial Control Systems Advisories

CISA has released two Industrial Control Systems (ICS) advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

  • ICSA-22-321-01 Red Lion Crimson
  • ICSA-22-321-02 Cradlepoint IBR600

Healthcare Shorts: Home Adaptations

This article is contributed. See the original author and article here.





Historically, field workers supporting cases for Medicaid members of their health plan used manual processes to track Home Modifications (ramp needed, pets present, support bars needed in the bathroom, etc.). With the Home Adaptations Power Apps, customers can replace those manual systems with modern applications for case managers and field inspectors that include automatic email communication between contractors for case, bid, and project management.











 


Problem Statement



Typical home modification support is manual, disjointed, and wrought with human error:



  • Manual data entry errors

  • Typical processes do not scale or allow for growth

  • Poor visibility into open cases and missed compliance targets lead to financial penalties

  • Poor member satisfaction due to no communication and missed due dates











 


Business Outcome



Updating the field servicing solution to a modern platform significantly improves outcomes and patient satisfaction:



  • Excites and empowers field and internal support workers

  • Limits human error and provides visibility to data which prevents costly penalties

  • Boosts customer (health plan member) satisfaction

  • Provides executive visibility into key metrics 

  • Built on a scalable and customizable platform for growth











 


Solution Overview

The Home Adaptations Power Apps suite includes a Model-Driven App for back-office staff, a Canvas App for field inspectors, and a handful of Flows to support an end-to-end solution. As a quick walkthrough:

  1. A Service Coordinator initiates requests for the home modification team using a model-driven case management app.
  2. The request is sent to an evaluator, who determines the required remediation using the mobile canvas app (including the ability to take pictures of the home/scenario).
  3. The remediation is sent out to bid using a Flow, which sends an email with a summary and an attached Excel bidding template to all service providers available in the system.
  4. Potential providers respond to the bid by replying to the email with a completed Excel workbook. Another Flow picks up the email response and updates the bids table related to the remediation request in the model-driven app.
  5. A service provider is awarded the project, and a Flow automatically notifies the award winner via email.
  6. The provider completes the work and invoices using a model-driven business process flow to close the case.

Let’s partner together to help provide quick and effective home adaptations for people with needs.


Thanks for reading, Shelly Avery.

If you are interested in more content like this, then follow https://aka.ms/HealthcareShorts

Please follow aka.ms/HLSBlog for all this great content.





Introducing Microsoft Supply Chain Platform—an open, flexible, collaborative, and secure platform

This article is contributed. See the original author and article here.

Organizations worldwide seek reliability in their supply chains to meet the demand of their customers. If there is anything that companies have learned from the years past, it’s to plan for the unexpected. Using history to make decisions for the future no longer works. Customer demand is constantly changing, whether it’s influenced by the economic climate or making environmentally conscious purchase decisions.

At the Microsoft Supply Chain Reimagined digital event, you heard how conversations about supply chains have been elevated to the board room as they are pivotal to gain a competitive advantage for any organization today. We heard from supply chain practitioners, both within Microsoft and from our customers, on the need to address the fragmented ecosystems of supply chain technologies. This is critical for enabling end-to-end visibility of supply chains in near real time. Without this visibility, customers are struggling to unify data to proactively predict and mitigate disruptions.

Microsoft Supply Chain Center

Earlier this week, we announced the Microsoft Supply Chain Platform to help address these challenges. An open, extensible, and adaptive platform enables companies to unify experiences across different planning and execution systems. At the core of the Supply Chain Platform is the Microsoft Supply Chain Center, which introduces a ready-made command center for users to manage disparate supply chain data. Microsoft Supply Chain Center is now available in preview.

Watch the video:

Connect your ecosystem

Most organizations rely on legacy systems and one-off “best-in-breed” applications to manage their supply chain rather than a single, integrated platform, which puts them at a competitive disadvantage.

Recent research from Harvard Business Review Analytic Services commissioned by Microsoft shows that 65 percent of executives cite lack of access to real-time supply chain data as a technological obstacle to their supply chain operations, and only 11 percent have a modern, integrated digital solution for their supply chain.*

We are helping companies address this challenge with the Supply Chain Center. Its data manager harmonizes data across existing and new enterprise resource planning (ERP) and supply chain systems in the company. For example, it can unify and harmonize data from Microsoft Dynamics 365, SAP, Oracle, Overhaul, C.H. Robinson, FedEx, FourKites, and many more. An open, flexible platform helps maximize their existing investments without needing to replace them. Now companies can have better data visibility in near real time across their entire supply chain to better assess risks.

Microsoft customers, like Kraft Heinz, joined the discussion during the Supply Chain Reimagined event to share how the Supply Chain Platform will empower them to gain reliability and scalability by identifying trends faster than ever before. Kraft Heinz can not only assess risks faster but also collaborate efficiently across its teams and suppliers to mitigate those risks proactively.

With Supply Chain Center, we want to make it easy for companies to adopt new supply chain solutions in an incremental manner to digitally transform different functional areas of their supply chain while ensuring that those new solutions adopted in the future are interoperable with their existing landscape to achieve faster time to value. It’s all about doing more with less.

Enhance supply chain visibility

Once companies overcome the challenge of data visibility, the Supply Chain Platform enables them to generate actionable insights from this unified data to predict stockouts or shipment delays and prevent overstocking. Companies can track orders all the way until they reach their end consumer and proactively mitigate any constraints along the way to meet customer commitments. This type of end-to-end visibility is only possible with a unified platform approach.

Customers like Daimler Truck North America manage hundreds of thousands of parts across their global supply chain. Using the AI-powered supply and demand insights capabilities of the Supply Chain Center, which harnesses data flowing from the rest of the platform, they predict any parts shortages in their supply chain ahead of time so that they can proactively mitigate them and deliver on their promises to their customers, dealerships, and partners.

Another customer, iFIT, leverages Supply Chain Center to generate intelligent insights that will enable it to place products closer to where its customer demand is rather than just relying on history. It was able to improve efficiency from 30 percent to 75 percent in its forward stocking inventory, which means it can fulfill customer demand in two days versus two weeks, resulting in more satisfied customers.

The research with Harvard Business Review Analytic Services also finds that nearly one third of the companies struggle with poor collaboration between internal supply chain teams and external partners.*

The best part about leveraging the Microsoft ecosystem is that the supply chain team can rapidly act on these recommendations by collaborating internally or with external suppliers with built-in Microsoft Teams capabilities right from within the Supply Chain Center without having to toggle between multiple systems.

Gain agility to meet market demands

The Supply Chain Platform helps companies adapt to changing business needs with ease. Companies like GN Group, which offers brands like Jabra and Resound, are using Microsoft Dynamics 365 Supply Chain Management, a market-leading solution of the Supply Chain Platform, to future-proof its business and gain the flexibility to adapt to changing needs. Other customers like ChemTreat, Inc. are able to improve proactive planning with Dynamics 365 to mitigate part shortages. With Dynamics 365, organizations can shorten delivery lead times by running material resource planning (MRP) frequently throughout the day in a matter of minutes, optimize inventory with a real-time view of inventory across channels, and fulfill order promises by reserving inventory for high priority orders.

Companies can gain flexible capacity by rapidly deploying pop-up warehouses with robotic automation to meet seasonal demand more effectively, and the warehouse employees can gain additional agility using the mobile warehouse app to execute the warehouse processes.

Companies like Barnas Hus, a leading children and baby product retail chain in Norway, worked with KPMG to implement the warehouse management capabilities of Dynamics 365 to power its new state-of-the-art warehouse that utilizes robotics to accurately pick, sustainably pack, and ship products to its stores, giving it the inventory visibility that it always needed.

Another customer, Peet's Coffee, uses the advanced warehouse management capabilities of Dynamics 365 to serve multiple channels: direct-to-consumer, retail coffee bars, customer warehouses, e-commerce customers, and direct store delivery (DSD) warehouses. Dynamics 365 provides Peet's Coffee the flexibility it needs to support a diverse range of channels.

Improve efficiency and productivity

For many manufacturers, the current state of their operations is disconnected and rigid. With the Supply Chain Platform, companies can take advantage of intelligent automation to reduce costs, maximize operating margins, and improve employee experiences. With Dynamics 365, companies can build connected and intelligent manufacturing processes with an intuitive, touch-friendly production floor execution interface. New process advisor capabilities in Microsoft Power Automate provide customers with deep insights to identify bottlenecks in processes to drive optimization and efficiencies with low-code automation.

The Supply Chain Platform has enabled customers like Jansen to extend Dynamics 365 with Power Apps and Power Automate to create bespoke processes on the production floor that get the right information to the right operator with the least amount of manual intervention. The power of unifying all data in Dynamics 365 has enabled production planners at Jansen to provide more efficient production sequences, minimizing materials and equipment changeovers so that they can meet customer orders on time by reducing time and enhancing operator productivity.

Organizations can further enhance the visibility on their production floor with native integration to any manufacturing execution system (MES) without replacing it. They can optimize the use of equipment and resources with AI-driven, capability-matching production scheduling.

Another customer, Alterra Mountain Company, has increased asset utilization and gained complete visibility into asset costs and conditions across its ski resorts in North America. It performs proactive maintenance to decrease unplanned asset downtime and downstream disruptions and optimize maintenance spend and spare parts inventory.

The research with Harvard Business Review Analytic Services also showed that more than 30 percent of the companies struggled with finding the right talent with supply chain skills and expertise.*

The Supply Chain Platform keeps frontline workers safer while accelerating upskilling, reducing errors, and increasing yield with step-by-step holographic work instructions. Use mixed reality and built-in Teams capabilities to collaborate in real-time with experts, improving productivity and reducing environmental impact from unnecessary travel.

Enhance security and sustainability

Organizations are encountering higher volumes of threats, and more sophisticated threats, to their environments than ever before. Unmanaged Internet of Things (IoT), industrial control system (ICS), and operational technology (OT) devices are a force driving new advances in the industry, but they have also tripled the size of the attack surface. Securing these devices is a mission-critical objective for any organization. The Microsoft Supply Chain Platform helps organizations create a secure supply chain by detecting and preventing cyber threats through improved cyber security, physical management, and endpoint security across their entire supply chain network, with multiple levels of security and continuous updates and patches.

The Supply Chain Platform also helps accelerate sustainability initiatives all the way from sustainable design, to sourcing, to manufacturing, and fulfillment. With Supply Chain Center order management capabilities, retailers can streamline returns sustainably with out-of-the-box connectors to FedEx. They can implement boxless returns with supporting carriers for less packaging waste and fewer consolidated trips instead of individual customer returns.

The rules-based fulfillment orchestration engine in Supply Chain Center enables organizations to fulfill orders sustainably while meeting their customer’s order promise. For instance, rules-based setup allows companies to balance miles travelled from fulfillment center to customers to minimize their emissions with service-level agreements (SLAs) to ensure on-time delivery.

Companies can establish ethical and sustainable sourcing practices with Dynamics 365. Sustainability scoreboards help them make data-driven decisions about supply chain changes to improve their metrics and further their sustainability goals.

Another way to operate sustainably is to drive circularity: essentially, instead of throwing away goods at the end of their life, finding ways to reuse or recycle them to reduce carbon emissions. This could also be a new revenue stream for companies.

Our own Microsoft Circular Centers have a unique process to optimize warehouse routing and management systems to process decommissioned servers from Microsoft datacenters. By leveraging the low-code Microsoft Power Platform solutions, Dynamics 365 Supply Chain Management was extended to build a reverse logistics solution that helped reuse, resale, and recycle the decommissioned data center assets. This is helping to put Microsoft on the path to achieving its sustainability goals by 2030.

To further support organizations in achieving their sustainability goals, last month at Microsoft Ignite we introduced new capabilities in Sustainability Manager, a Microsoft Cloud for Sustainability solution that enables organizations to store and reduce indirect value chain emissions (also known as "Scope 3" emissions, the supply chain of your suppliers), which account for a disproportionate share of most organizations' carbon footprints. The solution includes prebuilt calculation methodologies for more than half of the 15 categories of Scope 3.

Partner to empower customers in supply chain transformation

With the Supply Chain Platform, partners can bring their industry and domain expertise to create integrated solutions leveraging Microsoft Supply Chain Center, Dynamics 365 Supply Chain Management, Microsoft Azure, Teams, and Microsoft Power Platform. We will continue to support our customers with a rich partner ecosystem, including advisors and implementers like Accenture, Avanade, EY, KPMG, PwC, and TCS. In addition, to help customers find the best solution for their supply chain needs, we’ll continue working with solution providers such as Blue Yonder, Cosmo Tech, Experlogix, Flintfox, inVia Robotics, K3, o9 Solutions, SAS, Sonata Software, To-Increase software, and many more.

Ready to take action?

Take a free trial of Microsoft Supply Chain Center, which is now in preview.

Watch the Supply Chain Reimagined Event.

Learn more about the Microsoft Supply Chain Platform.


*Harvard Business Review Analytic Services research, “A supply chain built for a competitive advantage” commissioned by Microsoft.

The post Introducing Microsoft Supply Chain Platform—an open, flexible, collaborative, and secure platform appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Samba Releases Security Updates

This article is contributed. See the original author and article here.

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Samba security announcement CVE-2022-42898 and apply the necessary updates.