By Simon Clephan, VP, Strategic Alliances, AppSense
Healthcare professionals need to spend time focusing on patient care, not technology. They need mission-critical applications to just work — quickly and reliably. Unfortunately, IT wellness, so to speak, faces a new and growing threat, one that can cripple entire healthcare organizations, impact patient care, and lead to costly system repairs. That threat is ransomware and related malware.
These vicious cyberattacks show no signs of diminishing. In fact, ransomware has become so pervasive a threat that the U.S. Health and Human Services Office for Civil Rights has issued guidelines related to HIPAA to help healthcare organizations understand ransomware and what has to be done to prevent it. One of the guidelines is to limit user access to EHRs. In the public discussion following the news, an important point was made: ransomware gets in through people, not through operating systems. All the guidelines in the world will not prevent an employee from accidentally opening a phishing email or clicking through a link and enabling a destructive malware or ransomware attack.
What can be done to prevent ransomware? In the HIPAA guidelines, one of the recommendations is more user training, which is certainly a good practice. However, to provide a more consistent and thorough defense against ransomware, healthcare organizations need to do a wellness checkup of their security infrastructure to determine whether they have made full use of the technology that can help prevent these costly attacks. Areas of examination should include the endpoint, the user level, where ransomware attacks occur, and the security implications of Windows 10 migration.
As an example, the Boston Public Health Commission (BPHC), the country’s oldest public health department, has begun transitioning to application virtualization and profile virtualization for efficiency and cost savings as their existing desktops have become obsolete. With a small staff, 31 locations, and 1,200 desktops, virtualization was the answer to modernization. While moving to the VDI environment, IT Director Jeff Beers noted they have seen 10 to 15 computers hit with ransomware. The VDI environment escaped the first attack, but it’s possible the next ransomware attacks will be more critical and widespread.
Here is some of the ransomware and malware preventive medicine that healthcare IT executives are moving to deploy to strengthen security.
As professionals work on different devices, user context looks at where the individual is working, how they are working and what they’re working on, to determine which applications they can execute.
For healthcare organizations with compliance pressures, it’s important to put a patch strategy in place so that IT can patch the OS and make sure it’s running the latest version, as well as patch the applications to make sure they’re running at the correct levels.
Healthcare professionals often hear doctors talk about tap, turn and treat. They want a usable and effectively organized screen, along with fast-loading images and information. They need to be able to turn to the patient and start treating them without delays or technical difficulties.
In moving towards a virtualized environment, healthcare organizations need to provide this level of efficiency, so there is no room for ransomware or malware attacks disrupting patient care. By putting in place trusted ownership, privilege controls and planning for the impact of Windows 10 updates, healthcare IT can be ahead of the game in protecting the security of the organization’s vital activities.
About The Author
Simon Clephan manages the Strategic Alliances program for AppSense, now part of the LANDESK family, with a particular emphasis on Healthcare providers and partners. Clephan has more than 25 years of experience in the enterprise software industry, and has been in the User Environment Management marketspace for more than 15 years.