How to Avoid Becoming Cyber-Prey

Healthcare organizations can confidently protect their devices, data, identities, and documents with secure devices and tools.

istock 628328284 bp 2

The Wolf steals because he can, and he seeks out easy pickings. Lately, the healthcare industry has become a favorite target, and many organizations may not recognize they are most vulnerable at unprotected endpoints, such as printers and PCs.

Healthcare was particularly impacted by the recent WannaCry ransomware assault. The UK’s National Health Service had to shutter about 40 of the health trusts, “which resulted in operations being cancelled, ambulances being diverted and documents such as patient records made unavailable in England and Scotland,” according to a report in The Guardian.

WannaCry spread across 150 countries and many industries, but the UK NHS was particularly vulnerable because of the large number of Windows XP-based systems in use, even though that operating system is no longer supported.

But even the most up-to-date PC can leave a healthcare organization exposed if proper security measures aren’t implemented or are unenforced.

Unattended hazards

PCs generally stay unlocked if the user walks away and leaves the computer unattended. Because healthcare organizations by nature are accustomed to a constant flow of people, it’s particularly easy for a criminal to take advantage and utilize an unattended workstation to wreak havoc. A hacker who is physically present can simply sit down and gain access to any data across the network—or use a USB drive to upload malware.

Another often-unprotected device is the network printer, most of which feature USB ports with a direct path to the processor for code execution—a physically present hacker can upload malicious code that, when activated, can give the hacker many ways to exploit data.

“Unfortunately, printers have joined networked computers, laptops, tablets and smartphones as increasingly popular entry points for hackers and careless (or unscrupulous) employees to breach networks, steal sensitive data, or cause digital mayhem,” writes HP’s Enrique Lores.

Healthcare data attracts criminals

Any lapse in security represents a potential financial and reputational disaster for healthcare organizations. Because they store both personally identifiable information along with financial account information, they represent a lucrative target for cybercrime.

According to a recent HuffPost report, “Thieves can use stolen electronic health records to get prescription drugs, receive medical care, and file fake insurance claims. They can exploit Social Security numbers to file fraudulent tax returns, open credit accounts, and obtain official government-issued documents, such as passports and driver’s licenses. They can even create new identities.”

IT can help reduce risk by customizing policies for different USB ports and by designing a policy for USB ports to allow only specific document formats to be printed (e.g., only Word documents may be printed).

Other security essentials include:

  • Endpoint authentication controls
  • Data encryption
  • Strong admin passwords
  • Malware protection protocols
  • Regular monitoring and audits to ensure no endpoints—including printers—are left unsecured.

Healthcare organizations can confidently protect their devices, data, identities, and documents with secure devices and tools available from HP. For more information on pitfalls to avoid and solutions you can implement to protect your organization, visit HP Print Security.


Copyright © 2017 IDG Communications, Inc.