In this guest commentary,
Zuly Gonzalez, co-founder and CEO of Light Point Security
and former cybersecurity expert at the National Security Agency, discusses what physicians and private practices could do to help prevent hackers from gaining access to patients’ valuable health information.
Baltimore-based cybersecurity company developed the
“remote browser isolation”
to prevent ransomware and other web-based malware from infecting an organization. In light of the data breach at Henry Ford Health System, this should be at the forefront of physicians' concerns.
First, health care organizations need to treat security as a priority and increase their security budgets so that they can implement proper security measures and defenses.
From there, the first strategy health care organizations can implement to increase their security and protect personally identifiable information is network segmentation. The idea behind network segmentation is to isolate personally identifiable information and other sensitive data onto a network separate from the network where staff can do potentially dangerous things, such as browse the web and access email. That way if one network is compromised, the data is still secure. Remote browser isolation technology is one way of accomplishing network segmentation that doesn't interfere with the user experience, and allows nurses and physicians to still access the patient data they need to provide quality care.
Third, it's important to keep all systems patched and updated. The reason the recent WannaCry ransomware variant was able to spread so quickly was because organizations had not applied available security patches to their systems.
Fourth, organizations should follow the principle of “least privilege.” The idea here is to restrict the access and actions that staff are allowed to perform to only what is necessary for them to perform their duties. For example, if a user doesn't need to download files from the web as part of their job responsibility, then there should be a network policy in place that prevents them from doing so.
Lastly, to protect the data itself, the data should be stored in encrypted form to prevent cyber criminals from accessing it even if they've managed to breach the network.
For more information:
Zuly Gonzalez can be reached at firstname.lastname@example.org.