EHR Cyberattack Affected 3.9 Million
Investigation Reveals Far More Organizations Impacted
… Security expert Tom Walsh, founder of the consulting firm tw-Security, says he is startled by how many victims and entities are affected by the breach.
“I was surprised at the number of entities affected and the total number of patients. Some of those entities affected are located in Kansas, so I had heard about the breach through some of those organizations,” says the consultant, whose company is based in Kansas. “All PHI data is a potential target. Obviously, we can and need to do a better job of protecting the data.”
In the wake of the attack, healthcare organizations should take several steps to protect EHRs, including cloud-based systems, Walsh says. Key action items include:
- Patch management. Systems need to be evaluated and updated frequently.
- Tighter access control. This is especially needed for system administrator access or elevated privileges, including employees, contractors and subcontractors. For example, two-factor authentication should be required for any type of remote access.
- Database encryption. Of course, this will only help if a hacker has not compromised a system administrator’s account.
- System monitoring. Consider outsourcing this activity to a third party using managed security services.
- Vulnerability scanning and network penetration testing. Conduct regular scans, especially after any significant changes are made to an external-facing application or system. Also, conduct annual penetration testing.
- Enhanced incident response capability. The more exercise or drills that are conducted, the better the response when a real event occurs. Organizations should develop “playbooks” to document response procedures to the various scenarios.
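The access-control and monitoring items above (two-factor authentication for any remote access, scrutiny of administrator and contractor accounts, continuous log review) can be turned into a simple automated check. The following script is an added example written for this article, not code from the article, from tw-Security or from any EHR vendor; the authentication log format and the sample entries are constructed for illustration, and the role names and MFA field are assumptions.

```python
import re

# Constructed sample authentication log (hypothetical format, not from any real EHR product).
# Each line records who logged in, their role, whether it was remote, whether MFA was used,
# and the outcome.
SAMPLE_LOG = """\
2015-07-01T08:02:11Z user=jdoe role=clinician source=local mfa=no outcome=success
2015-07-01T08:05:43Z user=admin.svc role=sysadmin source=remote mfa=no outcome=success
2015-07-01T08:06:02Z user=contractor7 role=sysadmin source=remote mfa=yes outcome=success
2015-07-01T08:07:15Z user=msmith role=clinician source=remote mfa=no outcome=success
2015-07-01T08:07:16Z user=admin.svc role=sysadmin source=remote mfa=no outcome=failure
2015-07-01T08:07:17Z user=admin.svc role=sysadmin source=remote mfa=no outcome=failure
2015-07-01T08:07:18Z user=admin.svc role=sysadmin source=remote mfa=no outcome=failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"source=(?P<source>\S+) mfa=(?P<mfa>yes|no) outcome=(?P<outcome>success|failure)$"
)

# Roles treated as elevated privilege (assumed names; adjust to the local directory).
PRIVILEGED_ROLES = {"sysadmin", "dba"}


def parse_line(line):
    """Return the parsed fields of one log line, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def audit(log_text, failure_threshold=3):
    """Apply the article's access-control and monitoring recommendations to a log.

    Returns:
      remote_without_mfa: users who succeeded remotely without MFA (policy violation)
      privileged_remote:  privileged accounts that logged in remotely (review list)
      repeated_failures:  users with >= failure_threshold failed attempts (monitoring alert)
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    remote_without_mfa = []
    privileged_remote = []
    failures = {}
    for e in events:
        if e["outcome"] == "failure":
            failures[e["user"]] = failures.get(e["user"], 0) + 1
            continue
        if e["source"] == "remote" and e["mfa"] == "no":
            remote_without_mfa.append(e["user"])
        if e["source"] == "remote" and e["role"] in PRIVILEGED_ROLES:
            privileged_remote.append(e["user"])
    # Deduplicate while keeping first-seen order so each user is reported once.
    return {
        "remote_without_mfa": list(dict.fromkeys(remote_without_mfa)),
        "privileged_remote": list(dict.fromkeys(privileged_remote)),
        "repeated_failures": {u: n for u, n in failures.items() if n >= failure_threshold},
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Against the constructed sample, the audit flags two remote logins that bypassed MFA, lists two privileged accounts used remotely (one of them a contractor, which the article singles out for tighter control), and raises a repeated-failure alert on the administrator account. A real deployment would feed it the EHR's own authentication log format and route the result to the managed security service or incident-response playbook described in the list.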