REMOTE ACCESS SECURITY

CODE BLUE

Immediate action suggested for healthcare security and IT professionals

Cyberattacks against healthcare increased 600% in last 10 months

September 2014 Source:

why?

September 24, 2014

Stolen patient records are worth 10 times the value of a stolen credit card.

Source:

$1 - $2 $10 - $20

The FBI issued a warning criticizing healthcare’s security relative to financial and retail sectors.

“the healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the

possibility of increased cyber intrusions is likely."

August, 2014

Let’s see how the financial and retail sectors are doing…

In September, JPMorganChase lost 83 million customer records

83,000,000 customer records stolen

56,000,000 credit cards stolen

In September, Home Depot lost 56 million credit cards

September 2014 July 2014 October 2014

and it’s one that makes healthcare especially vulnerable.

868,000 payment cards stolen

These high-profile retail breaches all resulted from the exact same attack vector,

216 locations

395 locations

November 2013

40,000,000 credit cards stolen

The cyberthieves compromised logins granted to 3rd party technology vendors.

You may be thinking:

An average hospital has more than 100 3rd party technology vendors.

They require remote access to deliver services and support to your application owners.

And they need powerful, elevated credentials, not regular user accounts.

100 vendors.

Each vendor has between 2 and 2,000 unique users that may need to access your network with an admin credential

Which means tens of thousands of unique users with access to your network

How are they getting access today?

About half have a login on your VPN

Which leads to logins being shared, your admin credentials written on sticky notes and

a very low level of audit for accountability.

The other half use WebEx or something like it

Which gives you very little in the security, control, or audit areas. Great products for end-user desktop

support, but not for enterprise software.

“It is abundantly clear that, in many respects, a firm’s level of cybersecurity is only as good as the cybersecurity of its vendors.”

How good is your vendor’s security?

October 21, 2014

5 suggestions for eliminating this vulnerability:

1)  Be aware.

Vendors are not typical users and should be treated as very special guests.

2)  Have a realistic policy

Insist on individual logins, demand accountability, but don’t expect a technician to send you a copy of her passport.

It’s not going to happen.

3) Integrate policy in your purchasing process.

Remote access should be negotiated before the vendor needs it. If your EMR system is down, your IT staff (or

someone else) is going to open a door that may be left open. The best time to negotiate access methodology is when the software is being purchased (amazing how accommodating

the salespeople are at that time) or when your maintenance / subscription agreement is being renewed.

4) Control the platform.

If left to their own devices, a vendor may choose a remote support method (often a simple screen-sharing tool) that

meets their needs more than yours. Your platform should support multi-factor authentication, provision granular access privileges, keep credentials private and audit all

activity at the individual user level.

5) Monitor vendor activity.

While it may not be practical to track every keystroke, a consistent audit of vendor remote access should create alarms when a server is accessed repeatedly, or large

files are being transferred outside the network.

Thank you.

Jeff Swearingen

Co-founder & CEO