Cegedim Rx Statement of Support Following Symantec pcAnywhere Security Risk Announcement

Leyland, Lancashire, 1st February 2011 - Cegedim Rx recently became aware of a security risk with the Symantec pcAnywhere remote access software which our service desk uses to diagnose and solve problems.

We have evaluated the risk associated with the Symantec pcAnywhere product along with the recommendations made by Symantec and have categorised the risk as ‘low’. In response to Symantec’s recommendations we have reviewed the following areas:

General
Cegedim Rx follows ISO 27001 approved standard operating procedures which minimise the threat of malicious activity. The remote access system is only activated at the specific point of use and deactivated immediately at the end of a remote support session. Customers are responsible for their IT security; if they deem the risk of using pcAnywhere too great, Cegedim Rx can deactivate and, if required, uninstall the software.

Endpoint Security
All Cegedim Rx supplied N3 customer PCs and laptops are pre-installed with anti-virus software, and its definition files are up to date. In addition, pcAnywhere ports 5631 and 5632 are blocked on the N3 customer network. Blocking these ports ensures that outside entities cannot reach pcAnywhere through them and that pcAnywhere users remain within the confines of the N3 customer network.

Network Security
Our N3 network has current and updated perimeter firewalls, with security systems protecting web gateways and intrusion detection systems in place. Insecure ports are disabled as agreed with customers. The security of the entire N3 network has been accredited by NHS Connecting for Health. Finally, our network partners have procedures in place to review firewall logs to police possible attempts to infiltrate security systems.

Remote Access Security
For remote support both Cegedim Rx and the customer use an IPSec VPN to the customer N3 network. This ensures that all traffic is encrypted and protected from eavesdropping.

Physical Security
Customers are responsible for ensuring their systems and any data held within them are physically secure.

Recommendations
Cegedim Rx customers are ultimately responsible for their IT security. Cegedim Rx advises customers to take care to prevent unauthorised users from accessing systems and exercise caution when accessing websites.

When making connections Cegedim Rx recommends the following:

  • Customers should only allow authorised IP addresses to connect to host sessions
  • Customers should ensure telephone contact takes place prior to starting the remote access session
  • A username and password (user authentication) must be completed before control is allowed
  • Use encryption to protect communication with a pcAnywhere session

Customers who would like to discuss any concerns regarding the software should call Cegedim Rx service desk on 0844 630 2000.