New cybersecurity protections at HMS

Network protections

In response to U.S. intelligence agencies’ recommendations regarding an increase in malicious activity, HMS IT is blocking sites associated with ransomware and other credible threats to reduce the risk to our community. These measures provide additional security for on-campus users and those connecting to the internet through the HMS VPN.

This selective blocking of credible threats is possible because of the recent upgrades to the high-throughput network at HMS. With these upgrades, we can implement these targeted security measures without interfering with your legitimate day-to-day work.

Email protections

In response to U.S. intelligence agencies’ recommendations regarding increased ransomware activity, many of our hospital-based affiliates now block attachments from external email domains, including HMS, HSDM, and the rest of Harvard University. If you communicate with hospital-based faculty, staff, or students, be aware that their systems may remove your attachments before delivering your email. As the sender, you will not notice the removal of these attachments.

Mass General Brigham began removing attachments on Friday, October 30, at 2:00 PM EDT (UTC-4). Since then, they have removed attachments from emails sent to their domains (such as massgeneralbrigham.org, bwh.harvard.edu, and mgh.harvard.edu). Boston Children’s Hospital intends to take the same precautions. The rest of our affiliates will likely take similar action.

When you cannot securely share files through email attachments, use Dropbox Business, OneDriveor Harvard Secure File Transfer by Accellion. You can use Dropbox Business and OneDrive for Level 3 information and below, and Harvard Secure File Transfer by Accellion for Level 4 information and below.

How you can help

Increased ransomware activity will likely impact HMS and HSDM communities. Even with these new measures, you must stay vigilant. Treat links and attachments with scrutiny. Do not open attachments unless you are confident—and have verified—that the sender intended to include them. Never open any executable attachments.