CLEAN LAPTOP/PHONE PROGRAM

Mass General Brigham Information Security and Privacy Office issued an Information Security and Privacy Memorandum in 2021 to notify all impacted individuals and business units that business travel to China, Russia and other high-risk countries, whether for research, clinical or consulting purposes, creates specific information security challenges that must be addressed in order to effectively secure Mass General Brigham’s data and assets. The Clean Laptop/Phone Program has been put in place to address these concerns.

TRAVEL STATEMENT

All Mass General Brigham workforce members traveling to China, Russia or other countries identified as high risk by the Department of Commerce must take special care to ensure MGB’s data and assets are properly secured, due to the fact that personal privacy may not be respected. Even private spaces such as hotel rooms, rental cars, and taxis may be subject to video, audio, or other monitoring. Workforce members are advised to assume that anything done on any device, particularly over the Internet, may be intercepted. In some cases, encrypted data may be decrypted. To that end, the following security controls must be followed by any individual conducting Mass General Brigham business in China, Russia, or other high-risk countries.

  • When you make your transportation arrangements, register your travel plans (including dates oftravel) with the MGB Travel Safe Program.
  • Review the Department of Commerce high-risk country list, specifically countries listed as high risk for National Security and Chemical & Biological purposes. If your travel destination appears on this list, contact your hospital Export Control Officer at the link below to determine whether you should take advantage of the clean laptop program while traveling or if there are country-specific export controls requirements that must be addressed prior to traveling.
  • Contact your hospital’s Information Security Officer (ISO) no less than 10 days prior to departure to request a clean computer and mobile phone. Do not bring or use your regular devices during your trip. Clean phone program requires an update to Mass General Brigham’s myprofile.partners.org to include the international calling number for multi-factor authentication.
  • Change all passwords prior to departure.
  • Backup your laptop and/or phone before departure.
  • Leave unneeded car keys, house keys, smart cards, credit cards, swipe cards, employee badge or fobs you would use to access your workplace, or other areas, and any other access control devices you may have at home.
  • Remove any financial information such as bank account numbers, logins and passwords you may have in your purse or wallet.
  • Document the account numbers to anything you do take, so that if lost/stolen, you know what is missing.
  • Obtain and use an RF-shielded cover or case for any RFID cards (including U.S. Government Nexus “trusted traveler” cards) that you do plan to take with you.
  • When you make your transportation arrangements, register your travel plans (including dates of travel) with the Mass Genearl Brigham Travel Safe Program.
  • Review the Department of Commerce high-risk country list, specifically countries listed as high risk for National Security and Chemical & Biological purposes. If your travel destination appears on this list, contact your hospital Export Control Officer at the link below to determine whether you should take advantage of the clean laptop program while traveling or if there are country-specific export controls requirements that must be addressed prior to traveling.
  • Contact your hospital’s Information Security Officer (ISO) no less than 10 days prior to departure to request a clean computer and mobile phone. Do not bring or use your regular devices during your trip. Clean phone program requires an update to Mass General Brigham’s myprofile.partners.org to include the international calling number for multi-factor authentication.
  • Change all passwords prior to departure.
  • Backup your laptop and/or phone before departure.
  • Leave unneeded car keys, house keys, smart cards, credit cards, swipe cards, employee badge or fobs you would use to access your workplace, or other areas, and any other access control devices you may have at home.
  • Remove any financial information such as bank account numbers, logins and passwords you may have in your purse or wallet.
  • Document the account numbers to anything you do take, so that if lost/stolen, you know what is missing.
  • Obtain and use an RF-shielded cover or case for any RFID cards (including U.S. Government Nexus “trusted traveler” cards) that you do plan to take with you.

Never use shared computers in cyber cafes, public areas, hotel business centers, and never use devices belonging to other travelers, colleagues, or friends.

  • Use Citrix to connect to Mass General Brigham resources (workspace.partners.org).
  • Rigorously apply minimum necessary principles to all information accessed, used or obtained.
  • When not in use, completely logout of applications accessed and fully power down devices. Do not allow them to be in “sleep” or “hibernation” mode, make sure they are shutdown.
  • Keep device(s) with you at all times during your travel. Do not assume they will be safe in your hotel room or in a hotel safe.
  • Do not send sensitive messages.
  • Disable and fully cover any integrated laptop cameras.
  • Physically disconnect any integrated laptop microphones.
  • Be aware of your surroundings and shoulder surfing. Position yourself to minimize this opportunity for others.
  • Disable all unnecessary network protocols, (e.g., Wi-Fi, Bluetooth, infrared, location services, GPS, etc.)
  • Do not plug your phone into charger kiosks. There may be a hostile computer on the other end of that innocent-looking wire.
  • Access to services that we take for granted like Gmail and other Google apps, Wikipedia, and Yahoo Web Mail are often blocked altogether or monitored/filtered.
  • Do not store any sensitive data on your devices while traveling overseas.
  • Do not use or borrow others’ USB memory sticks.

Upon return to the United States and prior to re-connecting to any Mass General Brigham network or technology, Mass General Brigham workforce members must complete the following.

  • Immediately discontinue use of the temporary device(s) you brought with you. The hard drive of the devices should be reformatted, and the operating system and other related software reinstalled prior to being reconnected.
  • Delete any data stored on such devices listed above.
  • Change all passwords you may have used abroad from an alternate device (other Mass General Brigham/Institution workstation/Laptop)
  • Do not plug in any USB memory sticks that you have obtained/received during travel.
  • Return the devices by contacting the IS Service Desk site techs for pickup. Ensure you notify them the devices were on international travel.
CONTACTS

Information Security Officers by Institution

Phone Registration – International

Export Control Officers

MGB IS Service Desks by Institution

RESOURCES

Clean Laptop/Phone Program Memorandum

MGB Travel Safe Program

Scroll to Top
Skip to content