The Three Major Security Threats in Healthcare Essay Example for Free

The Three Major Security Threats in Healthcargon EssayNowadays Doctors and Nurses has several mobile devices in order to put forward patient role care. Virtualization is very important in providing adequate and affordable patient care in the rural health industry. Attempts to breach protective cover happen every day in our office staff. Preventing cyber-attacks and security breaches is a never ending battle in web security.IntroductionI am an IT professional focusing on communicate security in the healthcare industry. Every day we monitor the net income for phishing/pharming, DoS attacks, Trojans, and other security breaches. liquid Devices, virtualization and lackadaisical end- workoutrs are the biggest threats to network security. Mobile DevicesAn article in GCN says it best, Mobile devices are ubiquitous in todays society, and the number and types of devices used by physicians, nurses, clinicians, specialists, administrators and staff as well as patients and visitors is growing at healthcare agencies across the country. Nowadays Doctors and Nurses has several mobile devices in order to provide patient care.Cellph unrivalleds, laptops, and tablets are of the norm. I adviset remember the closing curtain time I had a doctors visit and the doctor didnt update my chart using a laptop or tablet. only of these wireless devices make the network vulnerable. In my opinion wireless security has always been the hardest part of the network to protect because there isnt a carnal connection that can be monitored. End-users dont always use secure passwords or they share passwords.At our agency an employee is not allowed to bring in a mobile device other than a personal cellphone to the workplace in order to reduce security breaches. The Office of Management and Budget, private Identity Verification cards had been issued to 3.75 million federal employees as of Dec. 1, 2010, or 80 percent of the government workforce, and to 76 percent of contractors who ar e eligible to use the cards, about 885,000 contractors.My agency uses Personal Identity Verification or PIV cards to gain access to wired devices on the network unfortunately that is not the trip for wireless devices. Although we have two-party authentication in place for all devices it would be nice to have tertiary layer much(prenominal) as a smart card or PIV card for wireless devices. I dont foresee a solution happening for a few long time due to the cost in an already financially burdened healthcare system.It is true that a reliance on off-the-shelf products means that there give be no PIV card readers available for workers signing on to check e-mail or read a document while out of the office. VirtualizationThe agency I work for specializes in rural healthcare therefore often they dont have the equipment or the staffing to complete tasks such as reading X-rays, providing behavioral health etc. Over the years we have had to implement Telehealth in order to meet these require ments.A patient in rural manganese may have his or her x-rays read by a physician in Billings, Montana. An individual may have weekly counseling sessions with a head-shrinker that is 500 miles away. Nowadays most healthcare companies use electronic health records to access patient information. Denial of Service DoS attacks happen when a navvy manages to overload a server to render it useless.A DoS attack is prevalent and damaging in virtualized environments and can preventsthe physicians and nurses from retrieving a patients information. If they are unable to access patient history to include what medications they are on or what they may be allergic to etc then they are unable to provide or give the wrong patient care which could be deadly. Therefore virtualization is very important in providing adequate and affordable patient care in the rural health industry.End-UsersOur agency has requisite computer security and security training every year in an effort to preempt attacks on t he network. This mandatory training is required to be taken by every employee including the IT segment. Attempts to breach security happen every day in our agency. Although we have security measures in place we have to constantly educate our end users on how to handle suspicious activity, password safety etc.Unfortunately there is always that one person that opens a suspicious email or shares their password or loses their token or PIV card and they dont report it. This makes the network vulnerable. I have always believed that end users are a companys biggest security risk. Allowing end users to access social media, personal email etc can allow for viruses to infect PCs servers etc. Once a virus is in the network it pull up stakes spread like wildfire which will cripple the network. PreventionWe use a lot of tools to constantly monitor the network to prevent DoS attacks, viruses, packet sniffing, phishing etc. We have implemented Websense as a means of policing what websites an end -user can surf to.We have firewalls in place to prevent end-users as well as outsiders from having access to IP ranges on our network as well as outside the network. We use access list on the routers as another layer of protection. We have penetration testers in our department whose only purpose is to look for packet sniffing and holes in the network.We have another group that monitors suspicious activity on the network such as a spike in bandwidth or an IP that is sending or receiving a large amount of information for specific length of time. Preventing cyber-attacks and security breaches is a never ending battle in network security. ConclusionHealthcare news states that Healthcare is driving the need for network security solutions that can cover multiple types of devices and infrastructure components. Although we are largely driven by the Federal Communications Commission and HIPPAA my department is constantly implementing new devices and measures to secure the network and protect patient and employee information. This takes constant training and a lot of due diligence to accomplish that goal.ReferencesAre mobile devices already making PIV cards obsolescent? Retrieved on October 13, 2013 from http//gcn.com/articles/2011/03/11/piv-status-update.aspx PIV Cards are in the hands of most federal employees and contractors, Retrieved on October 13, 2013 from http//gcn.com/articles/2011/03/11/piv-status-update.aspxTop Five Security Threats in Healthcare, Retrieved on October 14, 2013 from http//www.healthcareitnews.com/news/top-5-security-threats-healthcare