July 11, 2024 Update
We remain committed to bolstering our cybersecurity defenses and are taking steps to ensure only approved connectivity solutions are used. The approved and supported MGB solutions are:
- Employees: Cisco AnyConnect VPN client, or Citrix Workspace
- External Vendors, Partners, and Collaborators: Imprivata SecureLink
Please see this KB article for more information on accessing the tools above.
In February 2024, groups were notified that AnyDesk and ScreenConnect are not approved solutions. These additional VPN applications will be blocked beginning July 2024:
ExpressVPN, Hotspot Shield, Private Internet Access, Bitdefender VPN, Mullvad VPN, Betternet, Norton Secure VPN, PureVPN, IPVanish, Avast Secureline VPN, Kaspersky VPN, Hola VPN, HideMyAss VPN, ClearVPN, CyberGhost, PlanetVPN, AVG Secure VPN, PrivateVPN, SaferVPN.
If you have questions or concerns about the non-MGB approved VPN applications listed above, email @email to open a Service Desk ticket and we will direct it to someone who can advise you.
Previous Note from February 2024 on AnyDesk and ScreenConnect
AnyDesk is a tool used for remotely accessing a computer or mobile device. It's also leveraged by threat actors and scammers to deploy malware and is not approved for use at Mass General Brigham. On February 4, 2024, MGB Information Security became aware of an AnyDesk incident where usernames and passwords of AnyDesk customers were leaked and made available for sale on the dark web[1]. As this tool was found in our environment, as of 2/5/24, access to AnyDesk is blocked from the MGB network and MGB managed devices.
ScreenConnect is another remote access tool that is not approved for use at MGB and has a number of vulnerabilities associated with it. On February 22, 2024, MGB Information Security became aware of a cyber incident at another vendor that was caused by leveraging ScreenConnect. As this tool was found in our environment, as of 2/22/24, access to ScreenConnect will be blocked from MGB managed devices.
All staff who have used AnyDesk or ScreenConnect previously should update their MGB network passwords and AnyDesk/ScreenConnect passwords as soon as possible. If you’ve utilized the same password for anything else, please change those too. Passwords should be unique, a minimum of 8 alphanumeric characters and not be a variation of the previous password.
For immediate assistance, call the MGB Digital Service Desk at 857-282-4357. For all other questions, email @email.