Hi Everyone,
I created an infographic for mitigating cyber attacks in the healthcare industry, but I realized that it might be easier if I also included a text version that is easy to copy/paste text from. So here it is.
Recent cyber attacks targeted healthcare organizations should not be ignored because as cyber security is important for banking industry or governmental institutions..it should be so in other industries like Healthcare…we’ll discuss ten simple guidelines through which you can mitigate and protect healthcare business.
1- Management support
Recent cyber attacks targeted healthcare organizations should not be ignored because as cyber security is important for banking industry or governmental institutions.it should be so in other industries like Healthcarewe’ll discuss ten simple guidelines through which you can mitigate and protect healthcare business.
Getting Management support and convincing them about the necessity of allocating the required resources to establish an information security program.This is the most important step because it involves Management of the organizations into capitalizing and bankrolling with the required budget and resources in order for the security team to be able to execute the program.
2- Asset Identification
Every resource that handles or stores information is considered as an asset. Examples of assets are computers,servers, medical devices including portable ones and every unit that has financial value.This step includes the Identification and classification of Data..Many schemes are under choice with regards to classifications of information like the military scheme.
3-Enforce Security policies
This includes the principle of least privilege, the need-to-know basis,separation of duties,due care and due diligence.Security policies must be followed by procedures that explain them clearly.
4-Encrypt and Backup PHI
Implement Disk Encryption to every computer that stores or transmits PHI whether the computer is connected to Medical device or process PHI in other medical units. Backup Disks are a must and the backup copies must be encrypted. On to the practical portion. At rest, AES Encryption is a good choice and for the part that relates to data at transit..SSL or IPsec tunnels are considered too.
5-Use Firewalls
Firewalls are the first line of defense in protecting any type of organization. Installing Intrusion prevention system either host based or network based is referenced back to company’s size and budget.The most notable thing to mention here is to configure the firewall to operate in stateful mode.
6-Security Software
Install server-based security solution or end user-based especially at hosts that stores or transmits PHI or the ones that contain medical devices’ software
7-Compliance
Ensure Compliance with the legal regulations in addition to Security frameworks,For example, HIPPA , ISO27001 , COBIT , NIST, and PCI -DSS . When it comes to HIPPA.. notifying the patients or the customers about what is the purpose of collecting every information about them is must procedure.
8-Periodic Risk assessment
Identifying the prospective threats, vulnerabilities, and exploits.Determining the likelihood, impact, and the remedies are major components.Accept risk after careful assessment of your budget.This includes the threats in the IT Environment and the natural threats like Floods,hurricanes,fire,tsunami …etc.
9-BYOD Management
Major security breaches happen and occur as a result of Mobile device breach.Mobile devices of employees must not be connected to the network infrastructure unless in strict situations
10-Security Training
Security awareness training is a must for all Health Departments especially those who are responsible for financial transactions and PHI Processing. Quizzes, questionnaires, and presentations are the choice. Humans are the weakest link in any organizations .Investing the time and resources to train them is considered as substantial process
Again those are streamlined guidelines that could help security professionals orchestrate their detailed and crafted plan