The Internet of Things (IoT) is leaving gaps that malicious software can exploit, bringing down extensive systems. The increasing frequency and severity of the attacks has healthcare systems and their supporting technology vendors on pins and needles.
Healthcare organizations may lose ability to access systems that are critical to patient care, in addition to affecting everyday use of patient portals. Because of dubious security in the IoT, everything from EHRs to drug infusion pumps could be taken out.
Organizations should perform scans of their networks for vulnerable IoT devices, continuously scan for compromised devices, apply security patches promptly to address known vulnerabilities and change all default passwords on every IoT device. Default passwords are easily guessed or can be found online. – HIPAA Journal
US Cert is once again the go-to reference for advice, with tips including*:
- Scanning for vulnerable IoT devices and performing risk remediation.
- Increase password strength, check username vulnerability.
- Update and stay on top of anti-virus and anti-malware, software patches.
- Get tough on the firewalls and allowed traffic.
- Segment networks for better isolation and access control.
- Monitor Port 48101 for suspicious traffic and IP ports 2323/TCP and 23/TCP for IoT control attempts.
- Double-down on security awareness, with renewed emphasis on WiFi exchanged data and remotely operated devices.
- Consider stronger email practices, including distribution of email addresses.
*We summarized the above US Cert tips, but you can see the specifics as well as information about the OCR warning here in the December 12th HIPAA Journal.
Apgar and Associates helps you on your compliance journey, including conducting a security risk analysis and creating risk mitigation and risk management plans. We’re now scheduling security risk analyses into Q2 2017. Contact us for more information at 877-376-1981.