Sunday, April 7, 2019
The Three Major Security Threats in Healthcare Essay Example for Free
The Three Major warrantor Threats in Healthc be EssayNowadays Doctors and Nurses has several mobile devices in found to provide forbearing c atomic number 18. Virtualization is very important in providing adequate and affordable patient cathexis in the rural health industry. Attempts to breach certification happen every day in our agency. Preventing cyber-attacks and security breaches is a never terminal battle in profits security.IntroductionI am an IT professional focusing on internet security in the healthcare industry. Every day we monitor the entanglement for phishing/pharming, do attacks, Trojans, and other security breaches. Mobile Devices, virtualization and lackadaisical end- practisers are the biggest threats to network security. Mobile DevicesAn article in GCN says it best, Mobile devices are present in todays society, and the number and types of devices used by physicians, nurses, clinicians, specialists, administrators and staff as well as patients and visitors is growing at healthcare agencies across the country. Nowadays Doctors and Nurses has several mobile devices in order to provide patient care.Cellphones, laptops, and tablets are of the norm. I female genital organt remember the last time I had a doctors visit and the doctor didnt update my chart using a laptop or tablet. entirely of these wireless devices make the network vulnerable. In my opinion wireless security has always been the hardest part of the network to protect because there isnt a physical connection that can be monitored. End-users dont always use secure passwords or they share passwords.At our agency an employee is not allowed to bring in a mobile device other than a personal cellphone to the workplace in order to reduce security breaches. The Office of Management and Budget, Personal Identity Verification cards had been issued to 3.75 million federal employees as of Dec. 1, 2010, or 80 percent of the government workforce, and to 76 percent of contracto rs who are eligible to use the cards, about 885,000 contractors.My agency uses Personal Identity Verification or PIV cards to gain feeler to outfit devices on the network unfortunately that is not the case for wireless devices. Although we cast two-party authentication in place for all devices it would be nice to have tertiary layer much(prenominal) as a smart card or PIV card for wireless devices. I dont foresee a solution happening for a few twelvemonths due to the cost in an al learny financially burdened healthcare system.It is true that a reliance on off-the-shelf products means that there bequeath be no PIV card readers available for workers signing on to check e-mail or read a document while out of the office. VirtualizationThe agency I work for specializes in rural healthcare therefore often they dont have the equipment or the staffing to complete tasks such as indicant X-rays, providing behavioral health etc. Over the years we have had to implement Telehealth in order to meet these requirements.A patient in rural Minnesota may have his or her x-rays read by a physician in Billings, Montana. An individual may have weekly counseling sessions with a psychiatrist that is 500 miles away. Nowadays most healthcare companies use electronic health records to access patient information. denial of Service DoS attacks happen when a hacker manages to overload a server to render it useless.A DoS attack is prevalent and damaging in virtualized environments and can preventsthe physicians and nurses from retrieving a patients information. If they are unable to access patient history to include what medications they are on or what they may be allergic to etc then they are unable to provide or give the wrong patient care which could be deadly. Therefore virtualization is very important in providing adequate and affordable patient care in the rural health industry.End-UsersOur agency has mandatory computer security and security training every year in an effort t o preempt attacks on the network. This mandatory training is required to be taken by every employee including the IT department. Attempts to breach security happen every day in our agency. Although we have security measures in place we have to constantly educate our end users on how to handle suspicious activity, password asylum etc.Unfortunately there is always that one person that opens a suspicious email or shares their password or loses their token or PIV card and they dont report it. This makes the network vulnerable. I have always believed that end users are a companys biggest security risk. Allowing end users to access social media, personal email etc can allow for viruses to infect PCs servers etc. Once a virus is in the network it ordain spread like wildfire which will cripple the network. PreventionWe use a lot of tools to constantly monitor the network to prevent DoS attacks, viruses, packet sniffing, phishing etc. We have implemented Websense as a means of policing wha t websites an end-user can surf to.We have firewalls in place to prevent end-users as well as outsiders from having access to IP ranges on our network as well as outside the network. We use access list on the routers as other layer of protection. We have penetration testers in our department whose only purpose is to look for packet sniffing and holes in the network.We have another group that monitors suspicious activity on the network such as a spike in bandwidth or an IP that is sending or receiving a rangy amount of information for specific length of time. Preventing cyber-attacks and security breaches is a never ending battle in network security. ConclusionHealthcare news states that Healthcare is driving the need for network security solutions that can cover multiple types of devices and infrastructure components. Although we are largely driven by the Federal Communications instruction and HIPPAA my department is constantly implementing new devices and measures to secure the network and protect patient and employee information. This takes constant training and a lot of due diligence to accomplish that goal.ReferencesAre mobile devices already making PIV cards rare? Retrieved on October 13, 2013 from http//gcn.com/articles/2011/03/11/piv-status-update.aspx PIV Cards are in the hands of most federal employees and contractors, Retrieved on October 13, 2013 from http//gcn.com/articles/2011/03/11/piv-status-update.aspxTop Five Security Threats in Healthcare, Retrieved on October 14, 2013 from http//www.healthcareitnews.com/news/top-5-security-threats-healthcare
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.