The Two Tales of Remote Access Security: Protection from Hackers, and Meeting Regulatory Requirements.
It’s all over the news - a new healthcare breach here, a new healthcare IT study there, that talks about how healthcare IT security needs to be a focus in 2019. Yet, we are already seeing more breaches in 2019 than ever before.
All hospitals know that they need to have some form of security plan in place to protect patients and their information. The problem is that the changing requirements and increase in breaches means that this plan has to always be evolving. Hospitals likely have goals for what they would like to change in the future to make sure they are adapting to the ever-changing threat landscape.
I recently posted about Ten Best Practices to Mitigate Cybersecurity Threats that came from recommendations by the Health and Human Services publication, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.” That document addresses five cyber threats, with ten best practices for small to large healthcare organizations.
On October 27, 2015, Congress passed the Cybersecurity Information Sharing Act (CISA). Section 405 of CISA is specific to healthcare and charges Health and Human Services (HHS) with the responsibility of leading healthcare cybersecurity efforts, with the goal of keeping patient personal data secure.
ECRI Institute recently announced their annual “Top 10 Health Technology Hazards for 2019.” If you keep abreast of Health Information Technology (HIT) news, you already know the number one risk: hackers can exploit remote access to systems, disrupting healthcare operations.
"The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," said ECRI Health Devices Program Executive Director David Jamison. "In critical situations, this could cause harm or death."
The topic of security is on the minds of most healthcare IT professionals today. Securing remote access to your hospital's network is the deadbolt that helps protect your data. Most people don't leave their backdoor wide open, or expect that little doorknob lock to be secure, so why do most hospitals do the equivalent with their networks?
Times, they are a changing! And, that's a good thing! Have you evaluated or made plans to move to MEDITECH's new Expanse platform? I wanted to share with you how we are keeping up with the changes and helping hospitals keep up too.
As an IT security vendor, it's hard to compete with hope. After all, hope is free.
I was chatting with a group of hospital CIOs recently and we were discussing network security and what makes their networks vulnerable. I was surprised by the difficulty each was having with remote access by physician office staff. It was unanimously one of the greatest concerns. While we know they have some longstanding, awesome partnerships with physician offices, there are three main vulnerabilities that have surfaced with remote network access:
1) Unknown terminations
2) Inappropriate access discipline
3) Access after termination
Comments