It's week 3 of Cyber Security Awareness Month, and this post focuses on Securing Internet-Connected Devices in Healthcare. Over the years, the health care sector has consistently been one of the sectors hit hardest by cyberattacks. The high demand for PII such as social security numbers, insurance information and addresses, combined with systems that are often not sophisticated enough to defend themselves, are among the main reasons the healthcare sector is such a large target. For instance, the WannaCry ransomware attack in 2017 brought healthcare services across the UK to a standstill and cost the NHS £92m in losses and in restoring its IT services. While this week's focus is on protecting internet-connected devices, we wanted to list a few activities that can help healthcare organizations improve their overall security.
4 quick checks to keep your IT security at its best.
Be compliant with HIPAA and other mandated security regulations.
The Health Insurance Portability and Accountability Act (HIPAA) applies to all organizations that store, process, or transmit protected health information (PHI). HIPAA requires every health care organization dealing with sensitive patient data to establish a security management process that protects patients' confidential data from attempted unauthorized access, use, disclosure, or interference.
Ensure all devices in the network are inventoried.
Ensure all computers are inventoried, and that any that are already disabled, or that show no recent activity or access, are disabled, isolated or removed from the network. It also helps to keep a list of all users who have been given mobile-based access to email.
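One way to carry out the inactive-device part of this check in Active Directory, as an added example that is not from the original post or from ADManager Plus. It assumes the RSAT ActiveDirectory module is installed and that a quarantine OU exists at the hypothetical path used below; run it with -WhatIf first to review the list before anything is changed.

```powershell
# Added example: find AD computer accounts with no recent logon, record them,
# then disable and move them to a quarantine OU. Not part of the original post.
Import-Module ActiveDirectory

function Get-StaleComputer {
    param([int]$InactiveDays = 90)
    $cutoff = (Get-Date).AddDays(-$InactiveDays)
    # LastLogonDate is derived from lastLogonTimestamp, which replicates only every
    # 9-14 days, so a result means "at least this stale", not an exact last logon.
    Get-ADComputer -Filter { Enabled -eq $true } `
        -Properties LastLogonDate, OperatingSystem, whenCreated |
        Where-Object {
            # Accounts that never logged on but were created before the cutoff count too.
            ($_.LastLogonDate -and $_.LastLogonDate -lt $cutoff) -or
            (-not $_.LastLogonDate -and $_.whenCreated -lt $cutoff)
        } |
        Select-Object Name, OperatingSystem, LastLogonDate, DistinguishedName
}

function Disable-StaleComputer {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$InactiveDays = 90,
        # Hypothetical OU path; replace with the quarantine OU in your own domain.
        [string]$QuarantineOU = 'OU=Quarantine,DC=example,DC=org'
    )
    $stale = @(Get-StaleComputer -InactiveDays $InactiveDays)
    # Keep an evidence trail of what was found before touching any account.
    if ($stale.Count -gt 0) {
        $stale | Export-Csv -Path ".\stale-computers-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
    }
    foreach ($c in $stale) {
        if ($PSCmdlet.ShouldProcess($c.Name, "Disable and move to $QuarantineOU")) {
            Set-ADComputer -Identity $c.DistinguishedName -Enabled $false `
                -Description "Disabled $(Get-Date -Format yyyy-MM-dd): no logon for $InactiveDays days"
            Move-ADObject -Identity $c.DistinguishedName -TargetPath $QuarantineOU
        }
    }
    return $stale.Count
}

# Dry run: lists what would be disabled without changing anything. Drop -WhatIf to apply.
Disable-StaleComputer -InactiveDays 90 -WhatIf
```

Disabling rather than deleting keeps the account's SID and group memberships available for the review period, so a device that turns out to be in use can be restored by re-enabling it and moving it back.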
Review and update all assigned access permissions across departments.
Since patient information is handled by multiple departments, such as medical, pharmaceutical, insurance and administrative, it is necessary to grant permissions only to the specific data or servers each department or role needs. It is also important to review the permissions of all personnel with access to patient information regularly and frequently, and to remove any excess permissions.
Have a tried and tested disaster recovery plan.
Backing up your organization's AD data ensures that, should any AD data be lost, whether accidentally or through a deliberate attempt to bring your operations to a halt, you can get your organization back on track and continue all operations with the correct level of access permissions and rights for every single user in your organization.
When healthcare services are already burdened during times like these, it can be difficult for them to focus on IT security as well. ADManager Plus provides simple, script-free solutions for securely managing Active Directory in health care services, such as:
Pre-built reports for monitoring logon, password, and GPO activities, etc., to stay compliant with HIPAA at no additional cost. Learn more about it here.
Backup and recovery to help you create an effective data recovery plan: in a few clicks you can customize which data is backed up, the backup frequency, the retention period, the number of full backups and more, with seamless and granular data recovery options. Learn more here.
Options to create custom roles in line with your role-based access control policy, with audit reports on technicians' actions. Learn more.
Automated cleanup of access and permissions for inactive devices. Learn more.