Knowledgebase : Technical, Configuration and Devices > Incisive inCLOUD

If you are experiencing slow response times or you are frequently disconnecting from Incisive inCLOUD, there are a number of simple checks you can make which can make quite a difference to the responsiveness of the program:

    1. Check your computer has all the current Windows or iOS updates.  If there are any updates waiting to be applied, apply them.

    2. Go to Setup > Workstation > Configuration and check that the selected printers appear in a black font and not a red font.  If it's red, it means the printer cannot be connected to and can cause speed problems, especially in Letters/Notes.  Check that the printers are online and also not out of paper.  Remove all unneeded printer drivers.  

    3. Make sure there are no music streaming services running on the computer, such as Spotify, Apple Music, or podcast services.

    4. If you are using a Wireless network connection, plug in an ethernet cable as the connection is faster and much more reliable.

    5. If you're using a laptop, set your Power Management settings to Maximum Power.  If the disk or system goes to sleep it will drop the network connection.  Also check that the network card is not set to go into 'Sleep' mode.
    6. Run the 'Database Speed Report' in Reports > System  and in the 'Read Time:' section can you let us know what the value is for the Avg= (ideally it should be less than 4.0ms)

    7. In a browser, run an internet speed test to check the connection to your internet provider. Enter the following or click on this URL https://speedtest.net then click on the Go button to start the test.  Ideally your upload and download speed should be greater than 100Mbps and the ping time should be less than 30ms

    8. Restart your internet router.  This is a small device that connects your office to the internet.  Often the best way to restart it is to remove the power cable to it, wait 5-10 seconds for it to completely power down, then put the power back in.  It will take several minutes to connect to your ISP again.

    9. Setup a 'Hot Spot' from your mobile phone and connect your wireless network connection to the hotspot.  If this improves the connection speed or reliability, it is likely that your usual internet modem/router or internet provider may need to be changed.

    10. Test the connection bandwidth from your computer to the inCLOUD server.  Download the 'iperf3' files from https://iperf.fr  and run it using  the command switch of: iperf3.exe -c 103.226.33.2 -V 

Instructions for connecting a workstation or device to the Incisive inCLOUD network

Step 1. Choose to use either Watchguard Authpoint app or a Watchguard passcode generator, so Incisive can enable your MFA authentication access.

Step 2. Create a RemoteApp connection to the Incisive inCLOUD servers.

Step 3. Download and install TSPrint & TSscan client applications to your workstation/device to improve your printing & scanning experience.

Step 4. (optional) Link to the 'Incisive Files' online storage location to make it easier to upload/download information.

  • For Windows
    • Request the script from the Incisive Helpdesk 
    • Open 'Windows Powershell' on your PC (Windows) and paste the contents of the script into Powershell
    • Press Enter to execute the command.  Close the window when it has completed)
      (you should now see am 'Incisive Files P:' in Windows Explorer)
  • For Apple, request assistance from the Incisive Helpdesk

Troubleshooting

The RemoteApp shortcut can be linked to a User profile which can cause problems if different people log on and use the same workstation.

Options to remediate this or provide a workaround are:

  1. Use the browser to connect to https://secure.incloud.clinic/rdweb and log in using an inCLOUD login that you can authenticate.
  2. Remove the 'Remember Me' options for the logins so that you are prompted each time for an inCLOUD login and password.
  3. Use inCLOUD logins that are only used for a particular workstation/laptop
  4. Configure Control Panel > Remote App connections for each Windows login that is going to use the workstation.
    This option should allow the User's profile to connect to an inCLOUD login that may have been allocated to a person, not a workstation.

Problem:

When the Powershell script is run on the local computer, to add the P: mapped drive and credentials, it all completes correctly but the mapped drive may not be visible in Explorer, to the end-user.

Diagnose:

It's likely that the Powershell script was run in Administrator mode, not in the User context.

Open the command prompt as Administrator and change to the mapped drive.  If it appears when using the elevated Administrator prompt only then the following will fix the problem.

Solution:

Option 1.

Re-run the powershell script but do not elevate it to Run As Administrator.

Option 2.

    1. In Registry Editor, locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    2. Right-click Configuration, select New, and then select DWORD (32-bit) Value.
    3. Name the new registry entry as EnableLinkedConnections.
    4. Double-click the EnableLinkedConnections registry entry.
    5. In the Edit DWORD Value dialog box, type 1 in the Value data field, and then select OK.
    6. Exit Registry Editor, and then restart the computer

Microsoft are progressively enforcing the use of Multi-Factor-Authentication (MFA), which means you will need to use an Authenticator app to allow emails to be imported into the Message Centre, for your @incloud.clinic email address. Incisive only allow @incloud.clinic email accounts to import emails because they are protected from spam and viruses, by Microsoft Defender for Office365.

If the following message box appears, it means you need to use MFA to authenticate the login

The steps to implement MFA for the email account are straight-forward and once initiated, you'll only need to authenticate the account every 12 months.

We recommend that the MFA should be installed and managed by the practice or hospital manager.

  1. If you don't already have the free Microsoft Authenticator app, download and install it on a phone.
    Use your phone camera to scan the following QR code for:

    Apple App Store

    Google Play Store


    If you have an older phone you may be prompted to download and install an earlier version of the Microsoft Authenticator app.

    You can use an alternate authenticator app, but you will need to complete the configuration yourself.

  2. Start the Message Centre and proceed through the prompts, until you get to the message saying 'Scan the QR code'.


  3. When prompted, open the Microsoft Authenticator app, click on the + symbol in the top right corner and then select the 'Scan QR code' option.  Point it at the QR code on the screen and it will add the necessary security tokens.


  4. Your @incloud.clinic email account has now been added to the app.


  5. When you start the Message Centre a prompt may appear asking if you want to use the Authenticator app.  You will also receive a notification on the phone.  Open the notification and approve the authentication request.

Incisive inCLOUD is including another layer of security, to protect your information even further.

New servers have been added to the computing farm, which are configured to require ‘Multi-Factor Authentication’ (MFA or 2FA) to allow a remote connection to be established. This does mean there is an additional step in the process to log on, but it is a very effective barrier to unwanted cyber-intruders.

All new users of Incisive inCLOUD are using the MFA system and we are also requiring all existing customers to also upgrade the method they use to connect.

The authentication levels used to secure the Incisive inCLOUD system are:

  1. inCLOUD network connection using your usual login e.g. incloud\mypractice01
  2. Passcode input, generated from the Authpoint app or hardware fob (new step)
  3. Incisive application login

In addition, only connections from New Zealand based IP addresses (your router’s internet address) are permitted, without needing to use a separate VPN connection.

The passcode is generated either from an app on your phone or a special hardware generator. These create a one-time passcode which you input during the connection process. This method of Multi-Factor Authentication is now used in all public hospitals, after the malware attack on the Waikato DHB last year.

There are several key reasons we have chosen to include MFA:

  • CertNZ recommends MFA/2FA protection as an important security step;
  • the Privacy Act requires health agencies to take ‘reasonable security safeguards’ to protect health information;
  • the National Cyber Security Centre’s advisory for the increased threat of targeted cyber intrusion because of military actions between Ukraine and Russia.

Frequently asked questions.

What will change for us?

  1. The icon that you use to connect to the Incisive inCLOUD will need to be modified so it points to the new system (secure.incloud.clinic instead of incisive.incloud.clinic).  This needs to occur on each computer that connects to Incisive inCLOUD.
  2. You will need the Watchguard Authpoint app installed on a mobile phone or have a hardware passcode generator, so that you can use either, each time you connect to the Incisive inCLOUD.

How does the MFA work?

During the process to connect to Incisive inCLOUD, a screen will appear prompting whether you want to use the 'Push' or 'One-Time-Passcode' option. If the Push option is used a notification will appear, which can be 'Approved', or if the Passcode option is used, the number can be entered from either the Authpoint app or Hardware token generator. The Incisive application will then continue to start.

See the Multi Factor Authentication (MFA) training videos.

Push Notification

Push Approval

AuthPoint passcode

Hardware passcode fob


What happens if I don't have my phone?

We recommend that you have access to both the Watchguard passcode generator and also the Authpoint app, so there are alternative methods of generating the passcode. If neither are available, there is a ‘Forgot Token’ option where we need to be involved to allow access for a limited time.

The Incisive inTOUCH mobile app can also be used to access your clinic or operating lists and view the patient’s records.

We are a large practice/hospital and different staff frequently use the same computer.

There is no change with how you currently use Incisive inCLOUD except that the first person who logs on will need to enter a Passcode from either the Authpoint app or the Watchguard passcode generator.

Is each staff member going to need the Authpoint app on their phone?

The Passcode that is generated is linked to an individual Incisive inCLOUD login. This means that for each login there will need to be either a specific hardware passcode generator or an Authpoint app token. It is possible (but not very practical) to have the Authpoint app on a single ‘Practice’ based phone, which has the ability to remotely ‘Approve’ a connection or issue a One-Time Passcode (OTP) for multiple logins.

If the user is accessing Incisive inCLOUD from different locations (such as the specialist) then they should always use the Authpoint app on their own phone.

Are there charges?

The MFA technology is provided through an internationally respected company which does charge for its products and services. There will be changes to our fees to cover their costs and the hardware token generator can be purchased separately. Given the severe disruption that can occur from cyber-attacks, security costs are now regarded as an expected overhead of doing business.

Everyone using Incisive inCLOUD will need to upgrade to the same level of high security.

I use an Apple Mac. Do I need to use MFA?

Yes.

Is the change going to disrupt the running of our practice/hospital?

All the preparation can be completed in the background while you continue to use the existing connection method. When you are ready to start using MFA, you just start using a different shortcut icon. Everything will continue to function as it is now. The connection process will take slightly longer.

When is the change going to occur and what do we need to do?

The process to migrate existing Incisive inCLOUD users to use secure.incisive.incloud, has already started. We will shortly be inviting you to be involved as we expect that everyone will be migrated before the end of the year. We will work with you to ensure the timing works well for you.

You will need to:

  • decide how many Watchguard hardware fobs you want;
  • download and install the Watchguard Authpoint app, for the mobile users; and
  • provide an email address for each connection.

What are the options if I don't want to use MFA?

Because the database that you use for your records, is the same for any Windows operating system, we can remove your records from the Incisive inCLOUD system so you can have them on your own on-site server.

Are any other security changes going to occur?

The Windows tsclient link to your computer’s drives will eventually be disabled and is replaced with the Incisive Files drive that has been provided to assist with easy upload and download of files/photos to and from the Incisive inCLOUD system. This allows us to virus-scan the files being uploaded and close another possible intrusion point from your computer.

The operating system for the servers is being upgraded to Windows Server 2022, which has significant improvements in the detection and protection against malware attempts.

Is MFA going to make my information completely secure?

As I'm sure you have experienced, the cyber-security requirements are in a state of constant change. Protection is almost always a patching exercise to cover the holes that have previously been exposed by those wanting to get to your information or use you as a spring-board into someone else’s system.

100% protection would mean that the Incisive inCLOUD system would have to be so locked down that remote access from your own computers or devices, would be virtually impossible to use and very expensive to implement. To provide a system that is workable for you, there is always a degree of compromise between accessibility and protection. Which is why we have backups and fail-over functions.

If you have any questions please get in touch with us at help@incisivesupport.com 

To start using the Multi-Factor Authentication function with Incisive inCLOUD, you need to:

  1. Provide us with a unique email address for each login to Incisive inCLOUD and indicate whether you want to authenticate using an app on your phone or use a hardware fob
    If you haven't already completed this step, you can use the template in this link to help you list your requirements, then send it back to us.

  2. An email will be sent to the email addresses, from wgcloud-no-reply@jpn.cloud.watchguard.com, with information on how to install and Activate the Watchguard Authpoint app.  The app needs to be activated on your phone within 7 days of receiving the email.  The activation process can occur from your computer or the app on your phone.