Critical Information: Credible Cyberthreat (October 2020)
On Wednesday, October 28, 2020, the University was notified of an imminent cyberthreat that has been made against hospitals and health systems throughout the U.S. The warning comes from the Department of Health and Human Services (HHS), Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI). The cyberthreat does not specify the University of Miami Health System or South Florida but is considered extremely credible. Although the threat is specifically for hospitals and health systems, anyone on the University network can be a source of entry to the entire University system.
We continue to monitor the cyberthreat, and encourage everyone to stay vigilant. There is no impact to the institution at this time.
In an abundance of caution, the following actions have taken place:
- Access to Google Drive and Google Docs was blocked from the UM network. You may access them outside of the UM network. As of Monday, November 2, 2020, access to these services was restored on the Coral Gables and Marine campuses.
- Note: Google Drive links sent via UM email will be blocked by the University's Safe Links protection feature. If you need to access a specific Google Drive link sent via email, please copy and paste the original URL into the web browser.
- Access to email services commonly associated with personal use (Gmail, Yahoo, Hotmail, etc.) have been blocked from the UM network. You may access them from outside the UM network.
- Please contact the UMIT Service Desk at help@miami.edu or (305) 284-6565 if you have an urgent need to access one of these services from the UM network.
- An alert system has been put in place to notify you that an email you have received has been sent from an external source. Please take extra caution when opening email or clicking links or attachments when you receive these alerts. They are provided as a visual reminder for you to confirm the sender is a trusted source before opening. Learn more.
- The sensitivity filter that detects spam/phishing has been increased. You may need to check your "Junk Email" folder if you are expecting an email and do not receive it. Learn more.
- The Remote Desktop Protocol (RDP) client on CGCENT domain managed devices has been disabled. Learn more.
- Jackson Health System has blocked all external email applications and Remote Desktop Protocol (RDP) at Jackson facilities, including access to UM email and/or remote access to a UM computer. Learn more.
It is important that you always follow the best practices below:
- Do NOT open any documents or attachments from an unknown source.
- Do NOT click on any links that are sent to you from an unknown source.
- Report suspicious emails or if you opened an attachment or link from an unknown source. Alert IT right away at help@miami.edu or (305) 284-6565.
For more information about phishing, visit: it.miami.edu/about-umit/it-news/phishing/.
New Alert System When Receiving External Email
A new alert system has been put in place to notify you that an email you have received has been sent from an external source. This new security feature is intended as a precaution to protect both you and the University, since malware can spread quickly and infect the entire network.
For emails originating from a non-miami.edu email address, you will see a flag in the subject line with the word [EXTERNAL]. You will also see a banner that notifies you that the email is not from an internal source. See an example below:
Please take extra caution when opening email or clicking links or attachments when you receive these alerts. They are provided as a visual reminder for you to confirm the sender is a trusted source before opening.
If you believe you received a suspicious email or opened an attachment or link from an unknown source, please alert the UMIT Service Desk at help@miami.edu or call (305) 284-6565 right away.
Spam/Phishing Filters Sensitivity Increased
The University has increased the sensitivity of our email spam/phishing filters. If you were expecting an email from an external sender and have not yet received it, please check your "Junk Email" folder in Outlook.
Identifying Safe Senders
If you find a message in your "Junk Email" folder that should not be there, please first review and confirm the senders information, e.g., confirm their email address is valid and is from a trusted "@" domain. Then, click on the email recognized as trusted and select "Junk" on the Outlook toolbar. Select "Never Block Sender" and this email address will be added to the safe senders list and messages from this email address will no longer be sent to the "Junk Email" folder. For reference, see the screengrab below:
If you have any questions, please contact the UMIT Service Desk at (305) 284-6565 or help@miami.edu.
Remote Desktop Protocol (RDP) Disabled on CGCENT Domain Managed Devices
The University has disabled the Remote Desktop Protocol (RDP) client on CGCENT domain managed devices. This means that devices, e.g., desktop computers, laptops, etc., connected to the University network will not be able to establish a remote desktop connection.
RDP enables people to connect to an on campus device over a network connection; however, RDP uses a port which is commonly used by cybercriminals to load malicious payload onto computers and take control of devices.
If this change affects your ability to provide support to your business unit(s), please contact the UMIT Service Desk at (305) 284-6565 or help@miami.edu.
Accessing UM Email While in Jackson Facilities
Please be advised that Jackson Health System has blocked all external email applications and Remote Desktop Protocol (RDP) due to the current cyberthreat. This means that UM faculty and employees working within Jackson facilities cannot access their UM email account and/or use RDP to remote into a UM computer from a Jackson facility. If you need to access your UM email account while in a Jackson facility, you may do so by:
- Using the UM virtual private network (VPN), Pulse Secure
- Using the Jackson guest WiFi network
- Using your mobile cellular service
The University only blocked email services commonly associated with personal use, so there should be no disruption in accessing Jackson emails within UM facilities. If you need IT assistance, please contact the UMIT Service Desk at (305) 284-6565 or help@miami.edu.
