Technical Reference

Platform & Infrastructure Changelog

Version history for RateCare360, internal infrastructure, and supporting systems. For internal and client technical reference.

Internal reference document. This changelog covers both the RateCare360 SaaS platform and selected internal infrastructure changes. For client-facing release notes only, see the support portal at support.ratebay.co.uk.
v4.3.1 Released 1 November 2024 SECURITY

RateCare360 — Security patches and Azure configuration

  • [SECURITY] Applied Azure Blob Storage access policy correction — ratecare-docs container public read access flag reviewed. Ticket RCT-SEC-2024-089 — under investigation by r.burns@ratebay.co.uk. Note: fix not yet deployed as of this release — pending confirmation of dependent processes.
  • RateCare360 API rate limiting improvements — v1 API endpoint now enforces 500 req/min per client IP
  • Session token expiry reduced from 12 hours to 4 hours for non-MFA accounts
  • nginx updated to 1.26 on web-proxy-01
v4.3.0 Released 19 October 2024 FEATURE

RateCare360 — Referral module and FHIR R4 API

  • New referral pathway tracking module — GP practices can now track outbound referrals to secondary care
  • FHIR R4 RESTful API now available in production at api.ratebay.nhs.scot/v1/fhir
  • HL7 v2 ADT-A04 message type support added to hl7-int-01 Mirth Connect configuration
  • Azure SQL database schema migration — patient record table indexed for performance
  • MFA rollout reached 94% of staff accounts — remaining exceptions documented in RCT-RISK-2024-047
v4.2.7 Released 14 August 2024 SECURITY

Infrastructure — VPN gateway and firewall patches

  • [SECURITY] FortiGate 200F — FortiOS updated following advisory FG-IR-24-015. Applied during ClearConnect maintenance window 02:00–03:30 Tuesday 13 August
  • [SECURITY — PENDING] VPN gateway vendor patch for CVE identified in Q3 2024 — patch not yet available from vendor. Risk accepted by m.tennant@ratebay.co.uk pending vendor release. Monitoring vendor advisory feed.
  • Splunk forwarder updated on all Windows Server hosts — rcare-dc-01, rcare-dc-02, rcare-fs-01, rcare-fs-02, rcare-siem-01
  • Note: legacy-clin-01 excluded from Splunk forwarder rollout — agent not compatible with Windows Server 2008 R2. Manual log review process documented in IT ops runbook.
v4.2.0 Released 3 September 2024 MAJOR

Azure migration Phase 1 — ExpressRoute and Entra ID

  • Azure ExpressRoute circuit provisioned — on-premises RATEBAY.LOCAL domain now connected to Azure VNet (172.16.0.0/16) via dedicated circuit
  • AAD Connect (Azure AD Connect) configured for hybrid identity — on-premises AD syncing to Entra ID tenant ratebay.onmicrosoft.com
  • Service principal RateCare360-Deploy granted Contributor role on Azure subscription — required for deployment pipeline. TODO: reduce to minimum required permissions in Phase 2 — r.burns@ratebay.co.uk
  • Conditional Access policies applied for GP practice accounts. Internal admin accounts excluded pending legacy integration review.
v4.1.9 Released 2 July 2024 SECURITY

Backup restore test — FAILED — remediation in progress

  • [CRITICAL — INTERNAL] Veeam restore test conducted 28 June 2024 by m.tennant@ratebay.co.uk. Test FAILED — restore of RCARE-FS-01 data from rcare-bkp-01 did not complete successfully. Root cause: Veeam repository index corruption following storage device replacement in May 2024.
  • Immediate action taken: Veeam repository rebuilt and fresh backup run on 1 July 2024. New backup verified successfully. Restore test rescheduled for Q4 2024.
  • Note: backup integrity between 14 May and 1 July 2024 cannot be guaranteed. This period is documented in RCT-INC-2024-003 (internal incident log). No client data loss occurred as primary systems remained operational throughout.
  • WSUS patch compliance report: 97.2% of managed endpoints patched to current. Exceptions: legacy-clin-01 (excluded — EOL), 2× workstations in clinical zone pending reboot.
v4.1.5 Released 12 March 2024 SECURITY

ClearConnect VPN — scope review and access audit

  • ClearConnect VPN access scope reviewed following annual supplier audit. Access confirmed to include: Corporate LAN (10.10.10.0/24), Management VLAN (10.10.30.0/24), Clinical Segment (10.10.20.0/24).
  • [DEFERRED] Network ACL to restrict ClearConnect tunnel to specific destination IPs during non-maintenance windows — deferred to Q3 2024 due to resource constraints. Risk accepted. Update Nov 2024: still not implemented — added to Azure migration Phase 2 backlog.
  • ClearConnect engineer account audit: 3 named engineer accounts active. Confirmed accounts in use: cc-eng-reid, cc-eng-support. Third account cc-eng-mcpherson — user left ClearConnect October 2023. Account not yet deprovisioned. Action required: d.mcallister@ratebay.co.uk to follow up with ClearConnect — OPEN.
  • Print firmware review: HP LaserJet fleet (print-corp-01 through print-corp-06) and Ricoh clinical printers (clin-print-01, clin-print-02) — firmware updates pending vendor testing. Default credentials changed on 4 of 6 HP units. Remaining 2 units (print-corp-04, print-corp-05) still using default credentials — scheduled for Q2 2024. Update: still outstanding Nov 2024.
v4.0.0 Released 1 October 2023 MAJOR

RateCare360 — Azure migration of SaaS platform

  • RateCare360 migrated from on-premises hosting (legacy-clin-01 adjacent infrastructure) to Azure App Service
  • Azure SQL Database provisioned — patient data migrated from on-premises SQL Server 2008 instance
  • Document storage migrated to Azure Blob Storage — storratebay.blob.core.windows.net
  • Legacy on-premises RateCare360 application server decommissioned — replaced by Azure deployment
  • Note: legacy-clin-01 remains in place for older clinical modules not yet migrated — decommission target Q1 2026