Healthcare organizations have to implement a broad range of controls to ensure Protected Health Information (PHI) and Personally Identifiable information (PII) is kept secure; recently computer networks have come under scrutiny with this in mind we have listed some basic healthcare network security tips.
The tips are based on Health Resources and Services Administration (HRSA) recommendations, which can help healthcare providers avoid data breaches and HIPAA violations.
Basic Healthcare Network Security Tips
A golden rule of security is ensuring a perimeter of defenses is installed, with a secondary line of protections in case the perimeter is breached.
However, oftentimes some of the simplest protections are overlooked. The healthcare network security tips below were issued to ensure that common security vulnerabilities are identified and addressed.
- Install robust perimeter protections – There are a number of ways the perimeter can be enforced. A robust firewall should be in place to prevent intrusion and any existing firewall must have its rules checked to ensure only legitimate traffic is permitted.
- Install an Intrusion Detection System – Perimeter breaches will occur, so it is essential to identify them quickly when they do. An Intrusion Detection System (IDS) is essential. When traffic matches the signature of known attack networks, it is automatically dropped.
- Use Network Segmentation – (Don’t put all your eggs in one basket) – It is essential that data is segmented so that a breach on one server does not necessarily mean all stored data is compromised. An EHR should be separate from other systems. Only systems that must have EHR access should be connected to it.
- Check Access Rights – Users of EHR systems do not often need to be given administrator privileges. Conduct an audit to make sure that access rights are appropriate: Access should be limited to the minimum necessary information and on a need to know basis.
- Conduct Workstation Audits – Audit all workstations that have access to an EHR or PHI and ensure that each has all of the appropriate protections in place, such as patches, upgrades and up to data virus protection, to ensure the security of the network to which the devices are connected.
Protecting Networks from BYOD Risks
Many healthcare providers have started to embrace BYOD schemes, which can cause headaches for healthcare IT departments, CISOs, and CIOs who must ensure that the appropriate protections are put in place to secure the devices. The addition of hundreds if not thousands of additional networked devices adds considerable risk.
Fortunately companies that get their BYOD schemes right can really reap the benefits, but for that to happen the correct infrastructure needs to be put in place. It is now possible to control everything centrally and an administrator can ensure BYOD devices are secured and managed using a set of programmed rules. It is possible to easily control what can be done, by whom, and on what devices, and it is now possible to integrate network security components, including Network Delivery Controllers (NDC) and Application Delivery Controllers (ADC).
However technology changes fast and so do the threats, so it is essential that CISOs, CIOs and IT staff are kept up to date on the best protections to ensure that PHI and PII remains protected at all times.