News
TLS 1.3 support added
Feb 24, 2025
Transportation Layer Security (TLS) 1.3 protocol provides a new level of privacy and performance compared to previous versions of TLS. The TLS 1.3 protocol (RFC8446) is faster, more secure and removes some obsolete features in TLS 1.2.
TLS 1.3 is now available on Canadian UAT and Production systems. While we still support TLS 1.2 the upgrade does deprecate some obsolete ciphers such as CBC in compliance with industry best practices. No client impact is expected as modern browsers and operating systems already support AES based ciphers.
Single Sign-On (OIDC)
Sept 21, 2024
We have offered SSO (Signle Sign-On) for some time but only to our larger clients. As of now, SSO is avaiable to anyone who wishes to interface with eClaims Workflow. If your office is working with Microsoft Entra ID, Okta, or other Identity providers using OIDC then we can enable single sign on for your users. It's convenient and enables improved security.
We continue to offer standard 2fa methods such as IP locking, TOTP authenticator apps, and 2fa over sms/email.
Terapin vulnerability mitigation
Mar 23, 2024
We don't offer public SSH services, however some SSH based services are used on private channels. To ensure no MITM attacks are possible we have updated all SSH client and server applications to the latest level. Cyphers such as CHACHA and Entrypt-then-MAC were already depricated. This should not have an impact on any client facing API systems.
Zero Trust security upgrade has been completed
Feb 10, 2024
We have completed the implementation and audit work related to our Zero Trust security design. By separating the system layers, we increase security related to privilege and identity.
Most of this is transparent to the end user. It does however result in extra work for our support staff so we ask for some patience if we are unable to take every call or answer every email right away. As a reminder, we endeavor to respond to every call and email in less than one hour. Our support hours are 8am-8pm weekdays and 10am-5pm weekends/holidays.
MOVEit Transfer data thefts
Aug 29, 2023
MOVEit is a centralized platform used for file transfer between (often USA based) corporations. Initially developed by Ipswitch and now part of Progress Software Corporation, this file transfer system was initially breeched in May 2023.
By Aug it has been revealed that 1000 MOVEit victims and 60 million individuals are affected by the series of exploitation. Based upon older technologies, this dual layer design meant that the breach of the system resulted in a mass data theft. Unfortunately some firms have been complacent with security.eClaims Workflow is a modern design including data partitioning to ensure that any possible breach is limited in scope to the transaction. No single technology failure could result in a mass breech as occured with MOVEit. We are constantly evolving our security and systems to stay ahead of new threats.
DNS Security Upgrade
Jan 2, 2023
We use a number of methods to deter internet identity theft. We have just added DNS CAA restrictions to prevent a third party from spoofing our website and/or ssl encryption. Our encryption standards already have an A+ rating with SSL Labs and this addition will ensure that no bad actor will be able to fool our clients into accessing a fake copy of our website.
Regional Access Limitations
Dec 1, 2022
We actively block traffic from a number of outside regions. Those include geographical regions outside of North America, internet regions of ill repute, TOR exit nodes, VPN anonymizer services (such as Nord, SurfShark, or IPVanish), and select systems with a history of abuse. This is done to minimize the amount of abuse received by our systems as well as to keep the job of security log review at a more reasonable level. We do realize that users travel to regions outside of North America and may wish to continue working through eClaims Workflow. If this occurs you can request a time limited region block exception by contacting eClaims Workflow Support support@eclaimsworkflow.com / 1.888.593.2463 x4
Deployment of IPv6
May 27, 2022
We have completed implementation and testing of our dual stack connectivity including full support for both IPv4 and IPv6. IPv6 is considered the future of the internet and we have implemented this on all systems including webserver, API, security, and email systems. This is in place at all Canadian and USA based datacentres.