Does Mesh Central support blanking remote screen
-
@scottalanmiller said in Does Mesh Central support blanking remote screen:
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.
Hence the need to blank the screen so that it is the same as any VDI style medical system.
No he's saying IT should not have unmonitored access to PHI data. You are logged in as that user so it's not really auditable.
-
@scottalanmiller said in Does Mesh Central support blanking remote screen:
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.
Hence the need to blank the screen so that it is the same as any VDI style medical system.
No, your people are the breech. You should not need to see random PHI to support anything. If there is a can't print chart issues, etc, there should be a generic, fake, patient that can be used.
-
just checked my test system, see no option of screen blanking. you can lock the user session though.
-
@scottalanmiller unfortunately, it seems the answer is No.
-
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
Why load? MOst of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.
Hence the need to blank the screen so that it is the same as any VDI style medical system.
No, your people are the breech. You should not need to see random PHI to support anything. If there is a can't print chart issues, etc, there should be a generic, fake, patient that can be used.
I mean they are also managing peoples passwords and typing them in for the customers so you're already down a bad rabbit hole.
-
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
-
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.
-
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
It's all about the data. PHI and confidential secrets should not be seen by support. Yes there may be a patient up on a screen when troubleshooting an issue, but you should not have the ability to scroll through records unaudited. When you blank out the screen you could query patient data under the user's login.
I worked at the hospital system that treated all patients of the Orlando mass shooting. Our hospital system was very proud that we saved every person that made it to the ER alive. Anyway, in the aftermath 6-8 employees were fired for accessing PHI that wasn't a need to know. In most cases it was a friend or someone close to the family.
-
@krzykat said in Does Mesh Central support blanking remote screen:
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.
Insider threat is the number one threat.
-
@krzykat said in Does Mesh Central support blanking remote screen:
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.
Yes exactly, either trust your support team or not, from time to time we may access the same vcenter guest console. Same difference with our support tool except we aren't authenticating to vcenter.
-
@irj said in Does Mesh Central support blanking remote screen:
@krzykat said in Does Mesh Central support blanking remote screen:
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.
Insider threat is the number one threat.
True, but that isn't such a concern here more than just a basic lack of understanding of remote support tools and how console access works (to a physical or virtual system)
-
@irj said in Does Mesh Central support blanking remote screen:
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
It's all about the data. PHI and confidential secrets should not be seen by support. Yes there may be a patient up on a screen when troubleshooting an issue, but you should not have the ability to scroll through records unaudited. When you blank out the screen you could query patient data under the user's login.
I worked at the hospital system that treated all patients of the Orlando mass shooting. Our hospital system was very proud that we saved every person that made it to the ER alive. Anyway, in the aftermath 6-8 employees were fired for accessing PHI that wasn't a need to know. In most cases it was a friend or someone close to the family.
Fired "for accessing" is totally different than "weren't authorized to access." Any doctor would be in the same boat.
-
@irj said in Does Mesh Central support blanking remote screen:
@krzykat said in Does Mesh Central support blanking remote screen:
@dustinb3403 said in Does Mesh Central support blanking remote screen:
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.
Insider threat is the number one threat.
Yup, although even MSP support is still "insider" when used in that context. But it is true, employees of the primary company are a bigger threat than insiders of a secondary.