DNS Security Upgrade
Jan 2, 2023
We use a number of methods to deter internet identity theft. We have just added DNS CAA restrictions to prevent a third party from spoofing our website and/or ssl encryption. Our encryption standards already have an A+ rating with SSL Labs and this addition will ensure that no bad actor will be able to fool our clients into accessing a fake copy of our website.
Regional Access Limitations
Dec 1, 2022
We actively block traffic from a number of outside regions. Those include geographical regions outside of North America, internet regions of ill repute, TOR exit nodes, VPN anonymizer services (such as Nord, SurfShark, or IPVanish), and select systems with a history of abuse. This is done to minimize the amount of abuse received by our systems as well as to keep the job of security log review at a more reasonable level. We do realize that users travel to regions outside of North America and may wish to continue working through eClaims Workflow. If this occurs you can request a time limited region block exception by contacting eClaims Workflow Support email@example.com / 1.888.593.2463 x4
Deployment of IPv6
May 27, 2022
We have completed implementation and testing of our dual stack connectivity including full support for both IPv4 and IPv6. IPv6 is considered the future of the internet and we have implemented this on all systems including webserver, API, security, and email systems. This is in place at all Canadian and USA based datacentres.
Updated ISO 27001 certification, SOC2 Type2 Audits, and security documentation is available
Jan 24, 2022
Our security package has been updated with 2021 ISO 27001 certification, Soc2 Type2 audits, Insurance certificates, and policy/procedure documentation. Because of the increase in high profile vulnerabilities lately we have increased our penetration testing and vulnerability audits to four times per year. These audits are also included within the security package. For access to the Security Package please contact firstname.lastname@example.org
Log4j, Java, and Apache Vulnerability Disclosures
Dec 14, 2021
Log4j, Apache, and Java related vulnerabilities have been in the news lately.  None of the eClaims Workflow production systems use log4j, java, nor Apache technologies. These include IME Workflow, SecureDocs, eMsg and associated sub-systems.
Following the Dec 10 CVE alert, we conducted a full audit of all systems and have confirmed none of the affected technologies are employed within our servers. We monitor security advisories such as CVE and CISO to ensure our systems remain 100% secure