Interoperability and HIE

Privacy and Security

Report Writing

Determine if Your Security Plan is Working to Protect Your Networks

Written by Michelle Schneider, Product Director

SecureRamp Network Security Blog Header August 2018

Network security is like financial planning. There’s so much information out there that it can be overwhelming. People I know have made bad decisions and some have been fooled or tricked, resulting in big losses. If they are complacent and do nothing, things may or may not work out. Is that a risk worth taking? The only correct path is to find a good partner, educate yourself, protect your assets, and pave the way for a secure future.

I say finding a good partner is the first step because there are a lot of advisors out there, and whether we’re talking finances or network security, it’s important to team up with a company that understands your industry, has a reputation for providing great service, and is willing to take the time to understand you, your organization, and its goals.

Educating yourself about your finances and network security is paramount to action because an ignorant move can be more dangerous than no move at all. Investing in a fund that has a healthy return and spending that return in fees is usually caused by lack of knowledge.

I have worked with hospitals who were hacked and were shocked to find it could happen to them. They had invested in Remote Desktop Protocol (RDP), and were led to believe that this would be the barricade they needed to be safe from hackers.

Alas, implementing that infrastructure with the default port left them more vulnerable than ever. And, they are not alone. If you search the Shodan.io site, you will find that close to 3 MILLION sites have RDP ports that are available and open on the web. Is one of those ports yours? Again, education before action is important.

Here is an image from the Shodan site that shows the location of the default open RDP ports.

SHODAN_graphic 

Source: https://www.shodan.io/ - Total Sites with Open RDP Ports

With a good understanding of the options, and a confident plan for the best path for your needs, it’s time to protect your assets. In healthcare, one of our most precious assets is patient health information. It’s an interesting asset because the patients who entrust us to care for them rarely consider the risk of their information. They are hyper-focused on their medical well-being and outcomes and are shocked when they hear of an information breach. Their trust is unquestioning and unconditional; until the unthinkable happens.

Closing the most obvious gaps is the first order of business (i.e., don’t put off Windows updates and check those RDP ports!). Work with your partner to assess and mitigate current risks.

Once the most urgent needs are met, a solid plan for long term security must be the priority. Hackers are relentless, so your plan must include real time monitoring and retrospective analysis of all activity. Do not let your guard down.

Understanding the trends will make changes stand out like a sore thumb and allow you to be nimble when modifying your security plan. Just as a financial guru must perform frequent portfolio reviews and ensure that asset allocation is right for tomorrow’s market, you must keep up on the latest vulnerabilities and ensure that your security plan is current and relevant. Be diligent in your defense against cybercrime, because what’s safe today may be child’s play for tomorrow’s hackers.

We’ve compiled some of the recent cyber breaches in this healthcare industry case study and given guidance for how to overcome some of the breaches so you can take steps to make sure these don’t happen to your organization.

You can also email me to discuss your specific security plan to identify where you might need to take action to safeguard access to your network.

Topics: remote network access, network security, privacy breaches, protected health information (PHI), security plan, networks

Subscribe to the Interoperability and HIE blog.

Receive the latest articles directly in your inbox.
Enter your email address and click SUBSCRIBE:

Comments

0 COMMENTS