VUMC Enterprise Cybersecurity (VEC) has received credible intelligence regarding the potential for an increased threat of cyberattacks in the coming days that are specifically directed toward the U.S. health care sector.
In response to these threats, and based on recommendations from the Department of Homeland Security (DHS), the Department of Health and Human Services (HHS), and the Federal Bureau of Investigation (FBI), VUMC is taking additional steps to block access to non-VUMC/non-VU personal email accounts from the VUMC network.
These steps include access to common email services such as Yahoo Mail, Gmail and others because these outside email services do not provide adequate levels of protection that are necessary to ensure VUMC’s systems are protected from malicious phishing and malware.
Consequently, beginning at 9 a.m. CST on Monday, Nov. 2, you will be unable to access e-mail systems other than those provided by VUMC or VU (such as Yahoo Mail, Gmail, and others) using a VUMC network connection. If workforce members wish to check personal, non-VUMC and non-VU, email accounts, they may use personal devices, iOS or Android Smartphones or Tablets, using cellular carrier networks. Instructions on how to disable VUMC Wi-Fi on these devices are provided below. Between now and the effective date of this change, we ask that users refrain from accessing non-VUMC and non-VU email accounts from the VUMC network.
Please note that current VUMC policy (Electronic Messaging of Individually Identifiable Patient and Other VUMC Confidential or Sensitive Information) prohibits auto-forwarding on VUMC email into or out of the VUMC email system.
In addition, and because many of these attacks launch from phishing emails, VEC also asks you to maintain a heightened level of vigilance in the coming days when opening email messages, and in particular to avoid clicking links in email messages that are not from known sources.
If you receive an email message that is suspicious, or if you are unsure of whether the email message is legitimate, please DO NOT OPEN the message and instead forward it to “phishing@vumc.org” for evaluation.
Additionally, remember these important precautions:
– No one at VUMC will ever ask you for your password. If asked for your password, NEVER reveal it.
– Never leave a workstation unattended and unlocked.
– Personal email, Yahoo, Gmail, etc., does not provide many of the protection mechanisms that VUMC’s email does. Please do not check, open, or send personal email from VUMC computing devices.
Thank you for assistance in this matter.
John F. Manning Jr. PhD, MBA
Chief Operating Officer and Corporate Chief of Staff