The novel coronavirus has brought to UTMB unprecedented and challenging times. On one hand we are an operating hospital whose mission is to improve health for the people of Texas and around the world. On the other hand, we have an obligation to protect our employees and minimize the spread of this virus through social distancing.
As directed by Dr. Ben Raimer, President ad interim, employees whose job duties do not require them to be physically located at a UTMB facility have been asked to work from home until further notice.
With several thousand new telecommuters, our secure remote access capabilities are being tested, and some limitations have been identified.
As of today, our Citrix remote gateway is holding steady, but our VPN has hit its capacity, at 1,000 users. Information Services teams are working diligently to increase the number of active VPN connections to 10,000 users. We expect to have the VPN upgrade completed by close of business March 19, 2020, or sooner.
Other anticipated challenges include non-standard and personal devices connecting to our network. Basic security controls must be applied––if left unprotected, these computers can be used to distribute malicious software, or allow intruders to gain access to our internal network, putting UTMB at an elevated risk of data compromise and healthcare disruption.
Remote users must ensure that personally owned devices have basic security controls enabled. This includes, but is not limited to the following:
- If using a PC or laptop with Windows XP, 7 or an older version of MacOS, users should make every effort to access UTMB resources through the UTMB Citrix storefront at https://mycitrix.utmb.edu
- Unless there is a need to have direct access to our internal network, all users are encouraged to use the Citrix storefront for their remote access/telecommuting needs
- Users should run a supported operating system on their personal devices; Windows 10 or a recent version of MacOS X.
- Security patches should be applied as soon as prompted by the Windows notification center
- Ensure that Windows Defender is enabled. Validate this by typing “security” into the search box next to the Start button. Click the Windows Security Application and verify that the Virus and Threat Protection icon has a green check
- If your personally-owned PC is running Windows 7 or 8, consider upgrading to Windows 10. A free upgrade from Windows 7/8 to Windows 10 is available from Microsoft
- Always store UTMB data in your H drive, or your Office 365 OneDrive. Never save protected health information or other confidential information to a personally-owned device.
- When searching for COVID-19 information on the Internet, ensure that is comes from a trusted source. There have been numerous reports of fake sites and phishing email spreading malicious software and stealing credentials. Scrutinize your email before clicking on links or opening attachments
- Remote access connections will be scrutinized; any device that appears to be compromised or is demonstrating other types of suspicious behavior will be removed from the network
In closing, I want to remind everyone that information security never ends. We must always keep basic security principles in mind, no matter where we are. As always, if you see something that doesn’t seem right, say something. Always report suspicious activity to email@example.com.
For more information about remote access please go to the Information Services "Working Remotely" web page.
Associate Vice President,
UTMB Chief Information Security Officer