Due to security concerns, HMS IT has retired the eCommons platform. HMS IT is working to replace the services provided by eCommons with newer, more secure solutions. To help us address security risks, review the required protections, and learn how to implement them on Information Security for the HMS Community.
✅ No issues — ⚠️ Degraded performance — 🚫 Outage
- ✅ Course Proposal – For more information, visit the Registrar's website.
- 🚫 CV Tool (FIRST) – This tool will not be reinstated; consult the Faculty Affairs CV Guidelines for more information.
- ⚠️ eCommons Portal – The eCommons Portal is inaccessible. Links previously available in the eCommons Portal are available lower on this page and the resource links page.
- ✅ Email – It is safe to sign in to your Microsoft 365 email account on your desktop applications and on the web at mail.med.harvard.edu
- ✅ Ex-Clerk – HMS has joined the AAMC's VSLO/VSAS program for processing applications and will welcome back U.S. medical students for clinical elective opportunities beginning in August 2021. Opportunities for international medical students are suspended. You can learn more about the Exchange Clerkship Program on the HMS MD Program website.
- ⚠️ Guest account requests – Use these forms for requesting and extending guest accounts:
- ✅ Harvard Faculty of Medicine Promotion Milestone Portal – The new Promotion Milestone Portal is available for all HMS faculty in the promotion process and their affiliated department administrators. Navigate to the new Promotion Milestone Portal and sign in with your HarvardKey for access. If you cannot access the portal but have a promotion underway, contact the Office for Faculty Affairs at OFA_Promotions@hms.harvard.edu. For more information, refer to the HMS IT Knowledge Base article.
- ✅ HMS account self-service – You can activate your HMS account, reset your password, or unlock your account using the HMS account management page.
- ⚠️ HMS Directory Services – Use the public Harvard directory.
- ✅ ISIS (Student Information Search of MADRIS) – This tool has been retired, and authorized users have been given access to Student Search using the my.harvard portal. Email email@example.com with any questions.
- ⚠️ MADRIS – The MADRIS databases are secure and functioning. User interfaces to access data are offline. If you have an urgent need related to MADRIS, email firstname.lastname@example.org.
- ✅ Mediasite – To record new videos, use Panopto.
- ✅ MD Program Course Catalog – To access, navigate to the Course Catalog.
- ⚠️ MyCourses – The MyCourses databases are secure and functioning. User interfaces to access data are offline. If you have an urgent need related to MyCourses, email email@example.com.
- ✅ MyHMS –To access, navigate to the MyHMS dashboard.
- ⚠️ New HMS Employee Accounts – Contact the HMS IT Service Desk for assistance with new accounts.
- ✅ NHP Data – NHP Data is secure and functioning.
- ✅ OASIS – Service is operational, including student and faculty photos.
- ⚠️ O2 web hosting – You may experience issues with sites using eCommons web authentication services.
- ⚠️ Online Storage – All storage systems are operational and accessible. However, the Online Storage self-service interface is currently unavailable. For questions regarding file permissions or folder membership, to request new departmental share folders, or to add or remove users to existing collaborations, contact the HMS IT Service Desk or your local Client Services team.
- ⚠️ OrgEditor – OrgEditor remains down. For OrgEditor's file-sharing functionality, Dropbox is the recommended replacement. For OrgEditor's internal web page functionality, OpenScholar is the recommended replacement.
- 🚫 OSE Searchable Opportunities Database – The Office of Scholarly Engagement will contact students with more information about this service.
- ✅ Qualtrics – Qualtrics is now available using your HMS credentials at hms.qualtrics.com. See this article for more information: Access Qualtrics
- ⚠️ Self-Registration Accounts for Hospital Affiliates – Self-Registration is offline. To request a new affiliate account, contact the HMS IT Service Desk.
- ✅ UpToDate Authorization – UpToDate access has been restored for eligible MD students.
- ✅ Zoom – You may need to sign in again and reconnect your calendar.
Last updated on April 9 at 1:00 PM.
You can access many of the applications listed on the eCommons portal by adding them to your "My Applications" block in your MyHMS dashboard. On theMy Applications Selector page, select Add under relevant applications, then go to your MyHMS dashboard to view and access the added applications.
- Countway Library
- HCCRC Protocol Review
- MyHMS dashboard
- MD Program Course Catalog
- National Center for Biotechnology Information (NCBI)
- National Library of Medicine
- Outlook on the web
- Room Scheduling
- Secure File Transfer
- Service Tools and Technologies (STAT)
Additional sites can be found on our resource links page.
March 3, 2021
We are working closely with University leadership and are committed to strengthening our IT security. New Harvard requirements and standards will help prevent intruders from accessing our systems. They will also allow us to detect and track any intruders who may infiltrate our virtual borders. HMS IT will help ensure that every lab, classroom, department, and office at HMS successfully adopts these new levels of protection.
We are asking for your diligence in addressing information security risks to your own work and that of your colleagues across the School. These new Harvard University information security requirements apply to all individuals and technologies across our HMS Quad environment, including employees, postdoctoral researchers, trainees, lab computers, classrooms, servers, and third-party software providers.
Review the required protections and learn how to implement them in Information Security for the HMS Community.
January 27, 2021
The eCommons platform and associated applications remain offline while HMS IT addresses the security of the environment. HMS IT is working with stakeholders to identify immediate workarounds for critical functions, processes, and workflows and to deploy new systems and applications wherever possible. We have shifted the workload of many of our IT staff members toward implementing these short-term solutions, including implementing manual processes that may affect response times.
January 25, 2021
The technical teams at Harvard have been working around the clock and have secured all the known areas of unauthorized access to Microsoft 365 email at Harvard. The intrusion appears to have affected a small number of individuals within the Harvard community. We are working directly with those individuals we have identified, and we continue to monitor activity closely.
We are continuing our analysis of the eCommons platform outage, which has affected access to applications and services.
January 22, 2021
In response to the recent intrusion into the Microsoft 365 email service, Harvard University Information Technology (HUIT) is enabling new security measures within our email system. As a result of this work, you will be required to re-authenticate, or sign in again, to access your Microsoft 365 account. If you receive this request, it is safe to proceed. Given our shared services' complex nature, you may be asked to authenticate several times over the next few days.
January 20, 2021
In response to the recent security intrusion affecting Microsoft 365 accounts at Harvard, we are taking several important steps to defend against future attacks:
- We recommend that you reset your HMS account (eCommons) password to secure your account – To reset your password, visit the password reset page, then follow the prompts.
- We have expanded the HMS Virtual Private Network (VPN) to protect additional websites and services. If you experience issues accessing an HMS website or service, install the VPN client, connect to the VPN, then try again. This does not apply to applications affected by the eCommons outage.
- We will enable two-factor authentication (2FA) for Microsoft 365 on all accounts by the end of this week – Harvard University now requires 2FA for all users. We will contact you if you have an exception to help you secure your account.