Written by Guy McAllister, Director, Privacy & Security - iatricSystems
The Two Tales of Remote Access Security: Protection from Hackers, and Meeting Regulatory Requirements.
It’s all over the news: a new healthcare breach here, a new healthcare IT study there that talks about how healthcare IT security needs to be a focus in 2019. Yet we are already seeing more breaches in 2019 than ever before.
This could be due in part to the fact that as we shore up holes in our infrastructure, the savvy hackers find another way in. Or, it could be that while most healthcare leaders say security is a priority, it often falls further down the priority list.
You don’t have to look very far to find studies that say that improving the security of your network and data should be a priority. But, where do you start?
Today I am going to focus on the specific topic of securing remote access to your network. Some recent studies say that systems access management and remote access security need to be top priorities for 2019.
In fact, a recent report covered by Healthitsecurity.com examined the struggles healthcare organizations have with cybersecurity preparations, saying third-party vendors accounted for more than 20% of breaches last year. Digging a little deeper, the report says, “The most common gaps among third-party vendors included risk assessment, access management, and governance.”
The ECRI study says that the top Health Technology Hazard of 2019 is that hackers can exploit remote access to systems, disrupting healthcare operations. I went into more detail about this study and topic in this blog post.
As reported by HealthcareITSecurity.com – Systems Access Management topped the list of threats in 2019. They reported that “…failing to ensure strong access control policies that revoke employee access after termination can lead to massive fines. Systems access management must be a priority in 2019 and beyond.
Another recent article in HealthcareITNews.com says that security should be a top priority for hospital CEOs. According to the article, "Security is important enough to be above everything else," said David Chou, a veteran hospital executive who is currently VP and principal analyst at Constellation Research.
These are just a few examples where the experts are saying cybersecurity, and remote access security in particular, needs to be a focus now!
So, focusing on the topic of Securing Remote Access to your network, there are really two forces at play here:
A few places to start to protect your network from hackers:
Where to start to meet regulatory requirements:
Most CIOs tell me that their compliance department handles the BAA process and turns the vendor over to them to grant network access once the BAA is in place. That manual process may work for the first access, but what about a year from now? Do you know for sure (and can you prove) that each person accessing your network has a valid BAA? Fines and penalties exist for healthcare organizations found guilty of negligence in the BAA process, especially when allowing vendors to remotely access their network.
Some additional questions to consider:
I heard a quote recently that said, "It’s not a matter of if you will be hacked, but when." That is a scary thought, considering the recent estimates that say approximately 56% of healthcare provider organizations have experienced a vendor or third-party breach! It’s up to healthcare IT security leaders to do everything in their power to put safeguards in place as a deterrent. We are enablers of cyber-attacks when we do little or nothing to protect our valuable assets, PHI.
If you want to learn more about how to secure access to your network and how to manage vendor (and remote employee) access, I would be happy to meet with you.