Replies: 2 comments 1 reply
-
It was pointed out to me that the Trojan virus report may well be a false positive. This leads to the question of who should take the lead in making that determination. Obviously, it needs to be either the a) originator of the MRF, if they have the expertise, or b) third-party specialty lab, possibly on contract with CMS for quick response. The operational issue we face also highlights the importance of establishing an "address book" for direct communications between consumers of MRF and the generators of MRF to address data quality issues (of which virus reports are the most urgent). CMS has kindly provided an email contact point, but to the best that I can determine this is intended for reporting non-compliance, not operational issues relating to a multi-billion dollar data sharing network. In my mind the obvious solution is to add a 'contact' field to the MRF schema that provides phone and/or email. |
Beta Was this translation helpful? Give feedback.
-
Incident proves to be a false positive threat. Utilizing the latest update of the Windows Defender DB (loaded in the morning of 2023-03-30) this MRF is no longer reported as infected. |
Beta Was this translation helpful? Give feedback.
-
We encountered a UnitedHealth MRF that contains the Wacatac Trojan virus:
2023-03-01_UMR~lnc-Third-Party-Administrator_QUADMED-WASHINGTON-COUNTY_RELIANT-ACO_- WC_NXA3_in-network-rates.json.gz
We have processed numerous UnitedHealth MRF GZ files, and this is the first we've seen with a virus.
There looks to be many more that are infected. Just today we encountered 26 suspicious UnitedHealth GZ MRF files. It's likely that the other 25 that we didn't inspect also contain this virus.
I will file a report with CMS, but to mitigate possible damage I’m first posting on GitHub.
UnitedHealth can reach Keyark via the email address in the GitHub profile.
Beta Was this translation helpful? Give feedback.
All reactions