This blog and other places have discussed the recent publicity about ransomware and how hospitals cope with it, some better than others. What the attackers really want is the Electronic Health Records (EHR) that are employed in such environments. EHRs are very personal and specific. Add the web-based nature of exchange and that is manna to a hacker, because they can "hit once, affect many". Mark Menke, security expert and CTO of Network DLP at Digital Guardian, remarked: The financial incentives associated with EHR adoption encourage healthcare providers to roll out bare-bones systems without the infrastructure to back them up (Lisa Hoover McGreevey, 2016).
- HIPAA has very specific rules regarding data security and the chain of command. Ignore this at your peril.
- Virtually all data in an EHR is valuable, some parts more than others. It is up to the cyber security specialist, along with the practice's IT staff or consultants, to know the difference. Ignorance is not bliss here.
- Encryption, Digital Rights Management (DRM), Single Sign On (SSO), and other technologies are your gateway to mitigating the attacks that will come.
- Backups, backups, backups. The size of the organization will determine how often this is done; real-time on-site/off-network and hourly off-site is a good place to start.
(Mark Menke, 2016).
Lisa Hoover McGreevey. (2016, April 13). Hackers could skip hospitals and take aim directly at EHR vendors. Retrieved April 16, 2016, from http://www.fiercecontentmanagement.com/story/hackers-could-skip-hospitals-and-take-aim-directly-ehr-vendors/2016-04-13
Mark Menke. (2016, April 11). Are EHR Vendors Hackers’ Next Big Target? – HIT Consultant [FaceBook]. Retrieved from http://hitconsultant.net/2016/04/11/preparing-ehr-vendors-cyber-threats/