Providence to Block Internet Connections with High-Risk Countries
Published December 15, 2014
In recent months, we have observed a significant increase in attacks on Providence network resources. Many of these attacks include network traffic from foreign countries that is blatantly unnecessary for Providence. Here are two recent examples of how our security is being violated:
- A phishing attack included users logging into our email system via Outlook Web Access from Nigeria. Our response was to immediately disconnect these users and block all logins to our email servers coming from Nigeria, but not before they had sent phishing and spam emails from a Providence email account.
- During the latest CryptoWall virus outbreak on the Swedish network, data from the infected machines was illegitimately relayed to several foreign countries, including Ireland, Russia, Poland, the Netherlands and Greece.
In light of these and other instances, Providence will block access to specific systems from “high risk” countries. This strategy will significantly reduce the risk for Providence by reducing the volume of phishing attacks and reducing the risk of data loss.
The security engineering team plans to make this change in the firewall on Thursday, Dec. 18. The impact of these changes will be minimal on your daily use of the system. Some users who are outside of the United States may be unable to connect to Outlook Web Access, or other employee resources. Users who experience these difficulties should first connect to the Providence VPN, since this will be unaffected by any of the planned changes.
If you are planning to travel overseas and have concerns about accessing our system from abroad, please contact the IS Service Center before you travel.
Should you have questions or concerns, please contact Matt Price in the Information Security Department.
Unfortunately, while Providence has strong firewalls and anti-virus protection, cybercriminals can overcome these protections by tricking caregivers into sharing credentials. We will continue to educate all caregivers to be on the alert for phishing attacks and we remind you that Providence will never ask for your user ID or password via email.