[Ed. Note: This post is co-authored by Vinod Mohan, a Product Marketing Specialist on the SolarWinds PMM team, who specializes in researching trends and happenings in the IT management market space that impact our customers.]
Security breaches of hospital IT network infrastructure are becoming a common occurrence. This is a cause not just for worry but for alarm, and it requires immediate corrective action.
The Gwinnett Medical Center in Lawrenceville, Georgia, was recently hit by a virus attack. In response, the hospital increased the security level in its endpoint security scanner, which delayed critical operations such as patient admissions and online processing. Internal IT teams worked in tandem with the hospital's IT vendor partners to isolate the source of the virus and repair affected systems. After three days, the hospital had the situation under control and was able to resume using the computerized records system. The forensic results identified the virus as a worm infection. Because a worm could have spread rapidly across the hospital's network, IT was forced to pull connectivity to keep it from spreading further with unknown consequences, including access to HIPAA-protected PHI records. The most likely cause of the security breach was the use of a personal laptop or a hospital staff member’s USB stick.
The events bear a striking resemblance to an attack that hit New Zealand's St. John Ambulance Service. That attack disrupted the ambulance communications system, forcing administrators to revert to manual radio contact to direct staff to emergencies. These breaches are no less menacing than the malware chaos at three NHS hospitals in the UK. As a precaution, computers were shut down at St. Bartholomew's, The Royal London Hospital, and The London Chest Hospital, which severely delayed public medical services because the hospitals had to resort to manual paperwork for admissions and other office work.
Hospitals are just one type of affected organization. At many other medical service organizations, a breach in endpoint security could expose private information and break down critical systems, affecting the health of the overall network and jeopardizing business operations and patient care.
Four Tips to Prevent Security Breaches Originating in Endpoints
- Centralize monitoring of all security systems: Virus attacks hit hospitals even though many already have multiple layers of security deployed, because each of these systems operates in relative isolation from the others. Adding a centralized security information and event management (SIEM) solution provides a 360° view of all of your security and operational systems. This vantage point lets you detect and mitigate attacks that individual security systems may miss.
- Automate security responses: Security threats occur 24/7, from any location and any device that has access to your network. It’s cost-prohibitive to have IT personnel receive every alert and respond to each one manually. Automating responses to the more common threats frees up personnel to focus on newer, and potentially more damaging, threats.
- Monitor and limit USB and personal device access: The entry point for the Gwinnett Medical Center virus attack was probably a personal computer or a hospital staff member’s USB stick. Limiting access to, continuously monitoring, and automatically disabling personal endpoints and USB devices reduces the probability of an attack.
- Perform detailed forensic analysis to find root causes: Understanding the root cause is the first step in preventing a breach from recurring. Forensic analysis performed from a single console with a complete view of all your IT systems provides access to the pertinent data and accelerates finding the root cause. The ability to search and analyze log and event data from summary reports all the way down to the raw log data is critical.