Author: Jessica Davis / Source: Healthcare IT News
Security basics go a long way to protecting patient data against even scary-looking attacks.
Ransomware. The word itself is scary enough, let alone the glimpse of just how damaging such attacks could be that the world saw in WannaCry and NotPetya during May and June. But cybersecurity experts counter that ransomware shouldn’t actually be so overwhelming to information security professionals — if they adhere to simple best practices.
For starters, backup files are crucial and those should be both encrypted and kept offline — separate from the main network, according to Engin Kirda, professor of electrical and computer engineering and computer and information science at Northeastern University.
Lee Kim, HIMSS’ director of privacy and security, said the real problem is that hospitals are often stuck running outdated, legacy systems. And even keeping pace with software patches is not always completely effective. Both NotPetya and WannaCry, for instance, leveraged vulnerabilities in these legacy systems.
In fact, Kim explained that when hospitals must run these outdated systems, including those upon which medical devices are built, it’s necessary to make sure the ports of entry are as closed off as possible.
“If an organization needs to run these systems, shelter the technology from the outside world and segment it from the network,” Lee said. “It’s always best practice to segment the network and not make it possible for one hacker to get in and pivot around your system.”
After patching, segmenting and software needs, Kim said that hospitals can increase defenses with pen testing, which actively scans the system or network for exploitable vulnerabilities.