Citiscape IT

Attackers can exploit vulnerabilities on a computer systems or computer networks. Attackers can gain access to systems by obtaining credentials of network administrators and others with high levels of network access and privileges. Also, attackers will look for hard-coded passwords in configuration files of application software or passwords that are transmitted.

To assist in security your computers and networks, Covered Entities and Business Associates should consider:

• Assign system administrators the daily task to read and decipher network and system activity logs. Firewall logs are also very important in catching network traffic and activity.
• Segmenting networks and important data.
• Patching systems and implement application whitelisting.
• Limiting access privileges and enable file access logging and monitoring for information systems.
• Removing hardcoded passwords and legacy protocols that transmit passwords in clear text.
• Implementing a device that monitors network activity and produces logs that can record anomalous activity.
• Make sure all devices attached to the network have antivirus and anti-malware definitions updated and auto scanning is enabled.
• Make sure all operating system software patches are up to date and make sure your operating systems are supported.

Security needs to be PROACTIVE and not REACTIVE. Organizations in general (not just Healthcare) need to rethink their security and business models.

• Set aside egos and think strategically. Assume your organization is vulnerable. It is not a matter of "if" but "when" a security incident or breach will happen to your company. Have a plan in place to mitigate that. You can't prevent a breach but you can certainly detect it.
• Restrict access. Not everyone needs access to production servers, patient data, PII, etc.
• Monitor everything. Set up alerts, and have monitoring in place for everything and make sure the log files are saved and stored independently and viewed daily. By monitoring everything we mean access to databases, access to servers, access to applications, firewalls, spikes in access or activity, access to files,
• Make plans for a worst case scenario.
  • How do you lock things down as quickly as possible to contain a breach? This should be documented and reviewed.
  • Work backwards from a possible data breach incident and plan how to safeguard and put protections in place to prevent a breach in the first place.
• Have detections and protections in place for polymorphic malware and advanced persistent threats.

Organizations need to get out of the mindset of security being an overhead. There needs to be dedicated resources (in-house, outsourced, or both) personnel to deal with security and compliance initiatives.