HITS implements 30-day network policy

Michigan Medicine 30-day network information assurance policy

The institutionally owned devices we use to do our work are kept secure by connecting regularly to the internal U-M network. Connecting ensures that our devices receive the patches and anti-virus protection that are typically installed automatically and daily whenever we are logged in.

Effective August 16, 2018, Health Information Technology & Services (HITS) will implement a policy which will block managed devices—specifically CoreImage or CoreMac devices—from accessing the Michigan Medicine network if they haven’t connected or run maintenance for a period of thirty days or more. Michigan Medicine users who fall into this category will see a “captive portal” message notifying them that they need to contact a support representative to have access re-established.

The devices of users who don’t log in and connect to the Michigan Medicine network for more than thirty days have not been kept up-to-date, making both personal information and any university or sensitive information on the device vulnerable to security risks. Because connecting to the network is a two-way communication process, not only is data at risk, but malware can be introduced to the entire network if the operating system or applications on a device don’t receive the various security updates pushed to the system.

“It is always best practice to keep the operating system and applications on your devices current,” notes Joe Kryza, HITS senior director for enterprise infrastructure. “The daily maintenance that runs in the background ensures that your device receives these updates. You don’t have to be on-site either; maintenance is run automatically when you use VPN to connect remotely into the internal network. The challenge to security occurs when you don’t connect.”

The new policy is in keeping with the HITS network and inventory security initiative implemented over the last two years to keep the Michigan Medicine network safe.