In recent years there has been an increase in attacks across the general marketplace, and in healthcare in particular, because of legacy systems and well-known, long-established vulnerabilities. Several large healthcare organizations have been hit by ransomware over the last three years, and these incidents have been widely publicized in the media. One key reason these attacks succeed is that organizations do not have the right tools and layered security in place. It is not known whether ransomware and other attacks become more prevalent or more likely with increased use of telemedicine, but it is a concern many have expressed, and it may contribute to an unwillingness to engage in telehealth activities.
A secure network environment needs a central directory that every device and user authenticates against. The most widely used is Active Directory, but there are many other strong, legitimate directory services that can be leveraged. With a directory in place, access to file shares is granted through group membership and per-user permissions rather than broadly mapped drives, which limits what an infected machine can reach: a ransomware program such as CryptoLocker (a trojan that targeted computers running Microsoft Windows from September 2013 to May 2014) can only encrypt the shares the logged-on user is able to write to. The directory also lets you apply group policy to the user base that limits what users can and cannot do. For example, preventing standard users from launching executables from locations they can write to (application control such as AppLocker or Software Restriction Policies) is a very powerful administrative control, because most ransomware arrives as an executable dropped into the user's profile. Another control that should be adhered to is a password policy that enforces specific criteria such as at least one uppercase letter, a digit, a symbol, and a minimum length of 12 characters, and that requires users to change passwords every 90 days (note that NIST SP 800-63B no longer recommends periodic rotation on its own; pair it with screening new passwords against known-breached lists and forcing a change on evidence of compromise).
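Here is how the three controls above (domain password policy, executable restriction via AppLocker, and a check of the result) look when configured with PowerShell on a Windows domain. This is an added example, not code from the original article; the domain name corp.example, the user alice, the workstation paths and the 14-day pilot are placeholders, and the cmdlets are the standard ActiveDirectory and AppLocker modules shipped with RSAT.

```powershell
# Added example, not code from the original article. Assumes a hypothetical
# domain 'corp.example'; run from an elevated PowerShell session on a host
# with the RSAT ActiveDirectory module and the AppLocker module available.
Import-Module ActiveDirectory
Import-Module AppLocker

# --- 1. Domain password policy ----------------------------------------------
# Complexity on (upper/lower/digit/symbol), 12-character minimum and the
# article's 90-day maximum age. Lockout is added because a complexity rule by
# itself does nothing against online password guessing.
Set-ADDefaultDomainPasswordPolicy -Identity 'corp.example' `
    -ComplexityEnabled $true `
    -MinPasswordLength 12 `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -PasswordHistoryCount 24 `
    -LockoutThreshold 10 `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30)

# Read the policy back so the change is visible in the session transcript.
Get-ADDefaultDomainPasswordPolicy -Identity 'corp.example'

# --- 2. Application control: no executables from user-writable paths ---------
# Build Allow rules from what is actually installed under Program Files and
# Windows. Once an Exe rule collection exists, AppLocker denies anything that
# no Allow rule matches, so a file dropped into Downloads, AppData or Temp
# (where ransomware droppers land) is blocked without a specific Deny rule.
$installed = foreach ($dir in 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows') {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
}
$xml = $installed |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# New-AppLockerPolicy emits EnforcementMode="NotConfigured"; start in audit
# mode so the rules can be validated against real user activity (event log
# 'AppLocker/EXE and DLL', event 8003) before switching to "Enabled".
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$xml | Set-Content -Path "$env:TEMP\AppLocker-Exe.xml"

# Apply locally for the pilot machine; for the domain, target a GPO by passing
# its LDAP path with -Ldap instead of applying to the local policy store.
Set-AppLockerPolicy -XmlPolicy "$env:TEMP\AppLocker-Exe.xml" -Merge

# --- 3. Check: would a dropper in a user profile be allowed to run? ----------
# Point -Path at a real file in a user's profile on the pilot machine; the
# expected decision for a file with no matching Allow rule is Denied.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path 'C:\Users\alice\Downloads\invoice.exe' -User 'corp\alice'
```

AppLocker rules are only evaluated while the Application Identity service (AppIDSvc) is running, so set it to start automatically on the machines in scope before expecting any Denied decisions; and run the audit phase long enough to catch line-of-business tools that live outside Program Files before flipping the collection to enforced.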
Another security process to consider is enabling two-factor authentication (2FA) on every device within the production environment. This encompasses all laptops, tablets, third-party devices and smartphones. All production applications should also be set up for 2FA. It makes no difference whether the application is a local client on the machine or a website in the cloud; 2FA should be configured. If your environment leverages some type of session-based technology such as RDS, Citrix or VDI, that should also be protected with 2FA, and every VPN connection must be set up in this manner as well. Where there is a choice of method, prefer phishing-resistant factors (FIDO2 security keys or certificate-based authentication) over SMS codes or simple push approvals, which attackers defeat with phishing proxies and push fatigue.
One of the most important security layers that needs to be in place in this security climate is a next-generation antivirus or endpoint detection and response (EDR) product that manages threats rather than relying on signatures alone. These products continuously monitor the device for unusual behavior: odd process trees, suspicious command lines, and commands that reveal the presence of an external actor. They are also built specifically to address ransomware-like behavior, for example by detecting mass file encryption in progress, and many can roll back the changes an interrupted process made.
The next security layer that should be addressed is ensuring the organization has a viable commercial-grade firewall. The firewall should provide intrusion prevention (IPS), geo-IP blocking of countries the organization has no business with, deep packet inspection, and web filtering so that the appliance blocks known-malicious websites.
Another important security layer is email security, delivered through a spam filtering service. The service should obviously filter spam, but more importantly it should have impersonation protection and threat protection for links within emails. A service like this rewrites or scans links in inbound mail so they are checked at the time the user clicks, and it identifies spoofed senders; publishing SPF, DKIM and DMARC records for your own domain gives the service, and everyone else's, the information needed to reject mail forged in your name.
A final action, and probably the most important, is having a viable commercial backup solution in place that supports point-in-time restores. This means a backup solution that gives your system administrator the ability to restore to a specific date and time, which matters against ransomware because the restore point you need is the one taken before the intrusion began, not the most recent one. Some things to consider when architecting a backup solution are:
- The backup data repository should be replicated offsite to a third-party location.
- The onsite backup system should not be able to administer the third-party data repository, so that an attacker who compromises the backup server with its stored credentials cannot delete or alter the offsite copies; where the provider offers immutable or locked retention, enable it.
- The on-premises backup system should be segregated from the production environment on its own VLAN, with firewall rules that permit only the backup traffic itself.
- There should be an established data retention plan that documents the timeline for keeping data, including how many daily, weekly and monthly restore points are kept and for how long.
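The retention plan from the last bullet, expressed as the selection rule a backup job would run, is shown below as an added example. This is not code from the original article or from any backup product; the tiers (14 daily, 8 weekly, 12 monthly), the nightly restore points and the as-of date are all constructed for illustration.

```powershell
# Added example, not code from the original article. Grandfather-father-son
# retention: keep every restore point from the last $DailyDays days, the newest
# point of each week for $WeeklyWeeks weeks, and the newest point of each
# calendar month for $MonthlyMonths months. Everything else expires.
function Select-RestorePoints {
    param(
        [Parameter(Mandatory)][datetime[]]$RestorePoints,
        [Parameter(Mandatory)][datetime]$AsOf,
        [int]$DailyDays     = 14,
        [int]$WeeklyWeeks   = 8,
        [int]$MonthlyMonths = 12
    )
    $keep = @{}   # restore point -> tier that retains it

    # Daily tier: everything younger than $DailyDays.
    foreach ($rp in $RestorePoints) {
        if ($rp -le $AsOf -and ($AsOf - $rp).TotalDays -le $DailyDays) { $keep[$rp] = 'daily' }
    }

    # Weekly tier: the newest point in each week (weeks start on Sunday).
    $RestorePoints |
        Where-Object { $_ -le $AsOf -and $_ -gt $AsOf.AddDays(-7 * $WeeklyWeeks) } |
        Group-Object { $_.Date.AddDays(-1 * [int]$_.DayOfWeek).ToString('yyyy-MM-dd') } |
        ForEach-Object {
            $newest = @($_.Group | Sort-Object -Descending)[0]
            if (-not $keep.ContainsKey($newest)) { $keep[$newest] = 'weekly' }
        }

    # Monthly tier: the newest point in each calendar month.
    $RestorePoints |
        Where-Object { $_ -le $AsOf -and $_ -gt $AsOf.AddMonths(-$MonthlyMonths) } |
        Group-Object { $_.ToString('yyyy-MM') } |
        ForEach-Object {
            $newest = @($_.Group | Sort-Object -Descending)[0]
            if (-not $keep.ContainsKey($newest)) { $keep[$newest] = 'monthly' }
        }

    # One row per restore point, with the decision and the tier that kept it.
    $RestorePoints | Sort-Object | ForEach-Object {
        [pscustomobject]@{
            RestorePoint = $_
            Action       = if ($keep.ContainsKey($_)) { 'keep' } else { 'expire' }
            Tier         = $keep[$_]
        }
    }
}

# Constructed input: one restore point per night at 01:00 for the past 400 days.
$asOf   = Get-Date '2024-06-30 08:00'
$points = 0..399 | ForEach-Object { $asOf.Date.AddDays(-$_).AddHours(1) }

$plan = Select-RestorePoints -RestorePoints $points -AsOf $asOf
$plan | Group-Object Action | Select-Object Name, Count
$plan | Where-Object Action -eq 'keep' | Format-Table RestorePoint, Tier -AutoSize
```

The point of writing the plan down this way is that the oldest retained restore point is now an explicit number. Ransomware operators commonly sit in a network for days or weeks before encrypting, so the monthly tier is what guarantees a clean restore point older than the dwell time; a plan that keeps only two weeks of nightly backups can leave every available restore point already compromised.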
In conclusion, there is no silver-bullet approach to addressing all security vulnerabilities in today's marketplace. It is the organization's responsibility to take the right steps to ensure it has proactive measures in place. Having all of these actions, policies and security tools in place means you are taking the necessary steps to protect your environment. More insurance companies are actually requiring some of the actions discussed here, and I predict that most of them will be a requirement to even be insured within the next 15 months. Technology is ever changing, and it is important to stay current on the methods and tools attackers are leveraging. Better to be proactive than reactive.