CISO Insights: The Hidden Dangers of Unapproved Remote Access Tools
In today’s health care environment, where patient data security is paramount and cyberthreats are increasingly sophisticated, even a single misstep can have serious consequences. One such misstep is using unauthorized remote access software—applications that enable you to control an HM computer or network from a remote location—in an effort to resolve your technical problems quickly.
As a reminder, downloading any unauthorized software is against HM policy, and, unfortunately, tools like TeamViewer, AnyDesk and Chrome Remote Desktop used to resolve technical issues — when downloaded from the internet without IT oversight — are a major vector for malware, ransomware and data breaches. In recent weeks, we’ve seen multiple incidents where unapproved remote-control applications led directly to potential system compromise, requiring costly remediation and posing risks to patient safety and data integrity.
Unapproved remote control of desktops, laptops or servers, especially through unapproved tools, creates a perfect storm for cyberattacks. Here’s why:
- Bypasses Security Monitoring: These tools often operate outside of our managed security infrastructure, making it difficult to detect malicious activity in real time.
- Grants Full Privileges: Many remote-control apps give the remote user full access to the system, including the ability to install software, access files and disable security controls.
- Enables Lateral Movement: Once inside a single device, attackers can use it as a launchpad to move laterally across the network, targeting more sensitive systems.
- No Audit Trail: Without centralized logging, we lose visibility into who accessed what, when and why —making incident response and compliance reporting nearly impossible.
- Contain Malware: Unsupported tools are frequently bundled with malware, especially when downloaded from unofficial sources.
- Lack Necessary Security: Unsupported tools lack proper encryption or authentication, exposing sensitive data to interception.
- Violates Compliance Standards: HIPAA and other regulatory frameworks require strict controls over access to systems containing protected health information (PHI). Unapproved tools jeopardize our ability to meet these obligations.
Even tools that seem reputable can be exploited if not configured securely or if used outside of our managed processes.
The Right Way: Bomgar and SecureLink
To ensure secure, auditable and compliant remote system access, HM supports two enterprise-grade solutions:
1. Bomgar (BeyondTrust) – After submitting a ticket for support and it’s determined that IT needs to access your computer remotely, you’ll receive a pop-up notification requesting remote access to your computer. This request is initiated internally by IT to assist with technical issues. You’ll be prompted to approve or deny the request.
- The IT Support team member’s username will be displayed, allowing you to verify their identity and role at HM. Important: IT will never ask you to click any links or provide access codes.
- Sessions are logged and monitored for compliance review.
2. SecureLink (Imprivata) – This is for IT Support use only and would only be initiated by an IT-approved vendor for troubleshooting purposes.
- Reserved for third-party vendor access.
- Ensures vendors only access what they need, nothing more.
- Both tools are vetted, monitored and integrated into our broader cybersecurity framework. They help us maintain visibility, control and compliance, while enabling the support you need.
What You Should Do
- Submit a ticket on the IT Support website or find us on The HUB to resolve your technical issues.
- Never attempt to install remote access software.
- Report any suspicious activity or unauthorized tools to the IT Security team immediately.
- If you receive a call or email notice that there’s been a breach on your computer and someone needs remote access to your device, hang up and/or don’t respond, and contact the IT Security team immediately.
By working together and using the right tools, we can protect our systems, our data, and most importantly, our patients.