Update 4/16/17: Issues have been mitigated, maintenance is now complete.
On April 14, a batch of Windows-targeting exploits, including several suspected 0-day exploits, were released by Shadow Brokers. We have no reason to believe that any Wellpepper systems were targeted or affected. Most of the exploits target the SMB file sharing protocol, which our firewalls block. Additionally, most of Wellpepper’s infrastructure is Linux-based, and is unaffected. However, we do have some Windows systems (fully patched) in our environment that support non-critical functions. Out of an abundance of caution, we are temporarily suspending these systems until the risks are better understood and properly mitigated as needed.
As a result, the following features will be offline until further notice:
- Uploading images or videos attached to secure messages
- PDF Export in the iPad Clinic App
We are working hard to deploy workarounds for these issues where possible. All other Wellpepper functions, including sending/receiving secure messages, and image/video upload for tasks are operating as expected.
Currently, there is not comprehensive information on these exploits. We will be monitoring news sources and updating as information is available.
We will update this blog entry by April 17th with additional information on any impact. If you have any questions about your Wellpepper deployment, please contact Wellpepper Support.
Mike Van Snellenberg, Wellpepper CTO