AnyDesk is a tool used for remotely accessing a computer or mobile device. It's also leveraged by threat actors and scammers to deploy malware, and is not approved for use at Mass General Brigham. On February 4, 2024, MGB Information Security became aware of an AnyDesk incident where usernames and passwords of AnyDesk customers were leaked and made available for sale on the dark web[1]. As this tool was found in our environment, as of 2/5/24, access to AnyDesk is blocked from the MGB network and MGB managed devices.
ScreenConnect is another remote access tool that is not approved for use at MGB and has a number of vulnerabilities associated with it. On February 22, 2024, MGB Information Security became aware of a cyber incident at another vendor that was caused by leveraging ScreenConnect. As this tool was found in our environment, as of 2/22/24, access to ScreenConnect will be blocked from MGB managed devices.
All staff who have used AnyDesk or ScreenConnect previously should update their MGB network passwords and AnyDesk/ScreenConnect passwords as soon as possible. If you’ve utilized the same password for anything else, please change those too. Passwords should be unique, a minimum of 8 alphanumeric characters and not be a variation of the previous password.
Only MGB approved tools are authorized for use in our environment to reduce the risk of cybersecurity threats to our network.
If you are in need of a remote access tool for business reasons, the following options are available:
For immediate assistance, call the MGB Digital Service Desk at 857-282-4357. For all other questions, email ciso@mgb.org.
[1] The dark web consists of anonymous and illegal activity.
[1] The dark web consists of anonymous and illegal activity.
For immediate assistance, call the MGB Digital Service Desk at 857-282-4357. For all other questions, email ciso@mgb.org.
[1] The dark web consists of anonymous and illegal activity.