West Virginia: New SSH for SFTP host coming Jan 27,2023

Subject:|Important update coming to CSAPP (WV PDMP) sFTP file submission server|
Date:|13 Jan 2023 12:12:03 -0500|
From:|donotreply@rxdatatrack.com|

In order to remain in compliance and up-to-date with accepted secure file transmission guidelines, on Friday, January 27, 2023, CSAPP will be updating our file submission (sFTP) server to OpenSSL 3.0 with FIPS 140-2 enabled. If your location utilizes a Public Key for transmission, please pay close attention to the information below. If you do not know if your system utilizes a Public Key, please contact your software provider.

After the server update, our system will no longer accept older, out-of-date keys during the key exchange.

In order to ensure that you are able to continue to submit files to CSAPP, please make sure that your sFTP client or pharmacy software supports the following, more-secure key types:

rsa-sha2-256

rsa-sha2-512

Once your client / software has been updated, in order to ensure continued file submission, please generate a new Public Key and send it to support@rxdatatrack.com along with your sFTP username so that the key can be added to our sFTP server. If you do not utilize a Public Key for transmission, you do not need to generate and send a key. Modern versions of sFTP clients should support OpenSSL2.0 with FIPS 140-2.

Sincerely,

CSAPP Support.

---------- Forwarded message ---------
From: donotreply@rxdatatrack.com
Date: Mon, Mar 20, 2023 at 5:00 PM
Subject: UPDATE: Important update coming to CSAPP (WV PDMP) sFTP file submission server

In order to provide additional time for pharmacies and their software providers to prepare their systems for the security update to our sFTP file submission process, the update originally scheduled for January was postponed.

The update to the CSAPP sFTP server will now occur on Monday, March 27.

For your reference, the text of our original email announcing the change is below. If you have not done so previously, please read the message below carefully. The sFTP update should only affect those pharmacies / software providers that utilize a Public Key during file submission.

In order to remain in compliance and up-to-date with accepted secure file transmission guidelines, on Friday, January 27, 2023 Monday, March 27, CSAPP will be updating our file submission (sFTP) server to OpenSSL 3.0 with FIPS 140-2 enabled. If your location utilizes a Public Key for transmission, please pay close attention to the information below. If you do not know if your system utilizes a Public Key, please contact your software provider.

After the server update, our system will no longer accept older, out-of-date keys during the key exchange.

In order to ensure that you are able to continue to submit files to CSAPP, please make sure that your sFTP client or pharmacy software supports the following, more-secure key types:

rsa-sha2-256

rsa-sha2-512

Pharmacies / Software Providers who utilize a Public Key during file submission: Once your client / software has been updated, in order to ensure continued file submission, please generate a new Public Key and send it to support@rxdatatrack.com along with your sFTP username so that the key can be added to our sFTP server. If you do not utilize a Public Key for transmission, you do not need to generate and send a key. Modern versions of sFTP clients should support OpenSSL2.0 with FIPS 140-2.

Thank you,

CSAPP Support

From WV:

Please read the information below in full as it is important.

On Monday, 3/27/2023, CSAPP (WV PDMP) initiated an update to our sFTP file server used by pharmacies to submit their prescriptions to us. This was done to ensure compliance with federal information security guidelines (FIPS 140-2). What we discovered is that many organizations are currently using sFTP software that is outdated or not configured to support the security algorithms required under the new guidelines. This caused these organizations to fail in their attempts to upload prescription files. Consequently, we temporarily rolled back the updates to their previous state in order to allow organizations time to perform any necessary updates to their sFTP software so that they can continue to successfully upload their files when the update is reinstated.

The new “go live” date for our sFTP server update is May 31, 2023.

In our previous emails regarding the update, we erroneously indicated that only those organizations that utilize a Public Key for connecting to our server would be affected by the update. We apologize for this incorrect information. All organizations, not just those utilizing Public Keys, will need to ensure that their software is up-to-date with current standards when the updates to our sFTP server are reinstated.

Organizations should check with their software providers or technical teams in order to ensure that their systems support the following security algorithms:

rsa-sha2-256
rsa-sha2-512

Use of these algorithms will be required following our sFTP server update in order to successfully connect and transfer prescription files. Support for additional security methods should be possible in an upcoming version of our sFTP software; however, we have not been provided with an exact date when that update will become available to us.

If your organization was unable to connect to the CSAPP sFTP server during the brief period when the server update was enabled (3/27 – 3/28), this indicates that updates are required to your sFTP software in order to support the newly required security algorithms moving forward. Please check that your sFTP software has been recently updated and supports the above-mentioned security algorithms. If you have questions as to whether or not your software supports these algorithms, please contact your software provider. Several large pharmacy groups and software providers have already been in contact with us regarding updates to their sFTP software.

Again, the new date for CSAPP’s sFTP server update is 5/31/2023. In order for CSAPP to remain compliant with federal guideline, we will be unable to revert to the previous version following that date.

Please let us know at support@rxdatatrack if you have any questions and we will do our best to assist you.

–CSAPP Support

Changes to WV CSAPP sFTP server POSTPONED to Sept 1,2023

Good afternoon,

We have been contacted by a large dispensing organization informing us that they are undergoing a major change to their reporting systems and will not be ready to support the pending updates to the CSAPP sFTP server by 5/31. Because of this and because other organizations have also informed us of difficulties in being able to prepare for the update, we are moving forward the date for implementing updates to our sFTP server.

The new date when the previously-communicated changes to the CSAPP sFTP file server will go live is now September 1, 2023.

The new deadline should allow time for any necessary software updates on the part of our reporting organizations.

Please let us know if you have any questions.
—CSAPP Support

---------- Forwarded message ---------
From: donotreply@rxdatatrack.com
Date: Mon, Aug 28, 2023 at 1:49 PM
Subject: Updates to CSAPP (WV PDMP) sFTP Server POSTPONED

Please read the information below as it has changed from previously-communicated information.

Due to a delay in the release of a necessary update to our sFTP server software, the new date for CSAPP turning on new security measures for sFTP prescription file uploading has been changed to OCTOBER 1, 2023.

Full details are below.

On Monday, 3/27/2023, CSAPP (WV PDMP) initiated an update to our sFTP file server used by pharmacies to submit their prescriptions to us. This was done to ensure compliance with federal information security guidelines (FIPS 140-2). What we discovered is that many organizations are currently using sFTP software that is outdated or not configured to support the security algorithms required under the new guidelines. This caused these organizations to fail in their attempts to upload prescription files. Consequently, we temporarily rolled back the updates to their previous state in order to allow organizations time to perform any necessary updates to their sFTP software so that they can continue to successfully upload their files when the update is reinstated.

The new “go live” date for our sFTP server update is October 1, 2023.

In our previous emails regarding the update, we erroneously indicated that only those organizations that utilize a Public Key for connecting to our server would be affected by the update. We apologize for this incorrect information. All organizations, not just those utilizing Public Keys, will need to ensure that their software is up-to-date with current standards when the updates to our sFTP server are reinstated.

Organizations should check with their software providers or technical teams in order to ensure that their systems support the following security algorithms:

rsa-sha2-256
rsa-sha2-512

Use of these algorithms will be required following our sFTP server update in order to successfully connect and transfer prescription files. Support for additional security methods should be possible in an upcoming version of our sFTP software; however, we have not been provided with an exact date when that update will become available to us.

Again, the new date for CSAPP’s sFTP server update is October 1, 2023. In order for CSAPP to remain compliant with federal guideline, we will be unable to revert to the previous version following that date.

Please let us know at support@rxdatatrack if you have any questions and we will do our best to assist you.

– CSAPP Support

From: donotreply@rxdatatrack.com
Date: Wed, Sep 27, 2023 at 1:39 PM
Subject: Update to CSAPP sFTP server postponed

Good afternoon,

In order to provide a test server for the upcoming security changes to the CSAPP sFTP server and allow ample time for testing by users, the changes originally scheduled to take place on October 1, 2023 have now been postponed until October 16, 2023.

Once preparations for testing are complete, we will send out another email providing information on how users may utilize the sFTP test server, should they so desire.

Thank you for your understanding.

–CSAPP Supportstrong text