In recent years there was an increase of hacking effort in the general marketplace and in particular, healthcare. There was hacking in healthcare because of legacy systems and established vulnerabilities. Presented in the media over the last three years were several large healthcare organizations affected by ransomware attacks. The main reason for this occurrence is organizations not having the correct tools and layered security in place.
A secure network environment needs to have some a security directory where all devices authenticate to. There are many strong and legitimate directory structures that could be leveraged, but the most widely used is Active Directory. When there is a directory structure in production it eliminates the need of mapping direct drives for users and the impact of an infected machine with Crypto locker. This directory allows you the ability to force group policy amongst the user base and limit what the user can and cannot do. For example, not allowing users to launch executables is a powerful administrative tool to protect the environment. Another action that should be adhered to is having a password policy in place that changes every 90 days and has certain security criteria. The password should be 10 to 12 characters, contain one uppercase letter, a number, and a symbol.
Another security action to be considered is installing two factor authentication (2FA) on every device within the production environment. It would encompass all laptops, all tablets, and all third-party devices. All production applications should be set up for 2FA to ensure validity. There is no difference between if this application is a local client on your machine or a website in the cloud, 2FA should be configured. If your environment is leveraging some type of session-based technology such as RDS/Citrix/VDI, this should also be configured with a 2FA, and all VPN connection should be set up in this manner.
In the next section I will discuss one of the most important security layers that needs to be in place in this security climate, a Next-Gen antivirus that manages threats. These types of antiviruses are constantly scanning the device for odd behavior, weird characteristics, and odd commands displaying the characteristics of an external presence. This type of software is built to address ransomware-like viruses.
The next security layer to be addressed ensuring that the organization has a viable commercial grade firewall. This device should have intrusion protection service, geofencing, deep packet inspection, as well as the ability to filter web traffic in order for the appliance to block malicious websites.
Another key security layer that should be addressed is email security involving spam services. There should be a spam service in place that addresses spam and impersonation protection as threat protection regarding links within emails. This protection will prevent any links within emails sent to your users, and emails that are spoofed.
The final action is having a viable commercial backup solution in place that is point-in-time which is having a backup solution that allows your System Administrator the ability to restore to a specific time and date. When architecting a backup solution, you should consider the following:
The backup data repository should be replicated offsite to a third-party location.
The onsite backup system should not be able to access the third-party data repository for administration.
The on-premises backup system should be segregated via VLAN from the production environment.
There should be an established data retention plan that documents the timeline for keeping data.
To conclude, there is not a silver bullet approach to address all security vulnerabilities in today's marketplace. It is the responsibility of the organization to take the right steps to secure the proactive measures of different actions, policies, and security tools in order to protect your environment. Insurance companies are requiring some of the actions discussed above, and I believe these actions will be a requirement to be insured in the next 15 months. Technology is ever changing, and it is critical to remain current on what methods and tools hackers are leveraging. It is efficient to be proactive than reactive.