<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

Keeping the healthcare industry safe with the right IT software

Posted: 25 July 2018

Keeping the healthcare industry safe with the right IT software

The hospital and healthcare industry met quite a few challenges involving ransomware in the last year. Reports of malware infecting machines in medical facilities took over news channels. The reality even infiltrated popular culture when Grey’s Anatomy ran an episode where ransomware was an integral part of the storyline. We all laughed a little when the Chief of Surgery, Miranda Bailey, said she could afford 4,932 bitcoin without her knowing that the amount equated to $20 million. It became all too real for Grey-Sloan Memorial, and their example was a great depiction of what was really going on in the medical world.

Hospitals are an easy target because they use computers for almost every function. They use tablets for patient’s records, machines to monitors someone’s heartbeat, and computerized boards to keep everyone on schedule. As soon as an attack strikes, they are at the mercy or their attacker. The hospital has to decide to revert to paper without access to their patient’s records, thus potentially causing a mistake that could cost someone’s life or send the patients over to other hospitals in the area which is quite cumbersome.

In January 2018, Hancock Regional Hospital’s computer was compromised by a hacker who demanded bitcoins as ransom. The infamous SamSam infector requested four bitcoin, totaling around $45,000. At the time, the hospital was experiencing a huge influx of patients forcing them to pay out the ransom for the keys. They were desperate to get back online to tend to the increase of persons being admitted due to an awful flu season and snow storm.

Just like Hancock Regional Hospital, other medical facilities do not have the time to negotiate with the hackers because they are experiencing potential deaths of patients, that is why hospitals are such an easy target.

IT software for the healthcare industry to mitigate potential attacks

Hancock Regional Hospital is just one example of medical facilities that have been attacked in the last few years. During the first six months of 2017, organizations accounted for 42 percent of all ransomware infections, up from 30 percent in 2016 and 29 percent in 2015. This shift was
mainly accounted for by WannaCry and Petya.

[You may also be interested to read "Ransomware: From Rags to Riches"]

Hospitals need to protect themselves from potential attacks as well as keep up with compliance since they hold the personal data of patients from around the world. In a busy facility, one solution is not enough to keep their equipment and data safe.

Network security

Healthcare networks typically have various points of access, and some of them are not very secure. These, of course, include computers and tablets, but they also include a variety of different medical devices, part of the vast IoT world. These entry points can make hospital systems particularly vulnerable if they are not protected by hospital security software that monitors the network and prevents malware from entering the system.

One way to mitigate that risk is by ensuring all of the machines in the facility are up to date on their patches. That might seem like a difficult feat, but you can use software like GFI LanGuard to inventory, identify risk, and deploy patches from one console. Many attacks occur because systems are out of date and hackers exploit a vulnerability. Your business is less likely to be a victim if all of your machines are kept up to date with their patches.

Healthcare compliance

Regulations force hospitals, clinics, and other healthcare facilities to adhere to strict privacy and reporting rules. These facilities still have to maintain communication with patients, insurance companies, and other healthcare settings. In some treatment centers, unintentional errors by employees are just mishaps that are waiting to happen.

Good healthcare compliance software can monitor all types of communications and even block any information from being sent if this is against regulations or hospital policies. This could include any data that exits or enters the facility via fax, emails, and other types of communications. Compliance may require that documents be faxed because they need their original signature. The thought of standing next to the fax machine is daunting but with technology like GFI Faxmaker, if you have email, then you can fax.

Medical facilities also need to keep an eye on information being taken without permission. With GFI EndPointSecurity, you can monitor when an external device is connected to your network. You can also stop information from being transferred without authorization. Foreign devices do not stand a chance if you are ten steps ahead of the culprit.

Patient record archival

Patient records have become almost entirely electronic these days. Patients are more likely to see a doctor call up their data on a laptop or handheld device than to see a doctor bring in a paper file. Healthcare facilities have to employ fast, safe, and efficient storage software for these archived records. Archiving can all be done with GFI Archiver. The system allows for intelligent reporting, and it is already configured to run reports that comply with HIPAA, SOX, and GDPR.

Currently, a lot of the focus of the healthcare industry is on digital records, computerized devices, and even electronic diagnostic systems otherwise known as the IoT. Because of this, healthcare computer technology is rapidly expanding, still evolving, and is also sometimes quite vulnerable because attackers know that the data stored is of high value. The right IT software for healthcare companies should keep both patients and healthcare facilities healthy.

[You may also be interested to read "5 Tips to Protect Critical Infrastructure in the Age of IoT"]

If you think that getting all of these solutions to protect your business would be expensive, think again. With GFI Unlimited, you can access a full library of business-proven network security and communications for one low price per user. The GFI Unlimited arsenal includes GFI LanGuard, GFI EndPointSecurity, GFI Archiver, GFI FaxMaker and more.

(This blog post originally appeared on TechTalk by GFI Software)

New Call-to-action

Valerie Rivera Content Editor, GFI Software
Posted by: Valerie Rivera
Content Editor, GFI Software
Share via:
    

Subscribe to VSEC Blog Updates

Terms and Conditions:
  • When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:
    • We will use your details to send you blog updates.
    • We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.
  • We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.
  • In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.
  • Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.

Popular Posts