Monday, July 1, 2013

Improving Security for USB Drives




Following a new Inspector General’s report criticizing government contractor USB drive security practices, healthcare organizations should be reminded to control mobile storage devices.

USB drives can be plugged into any computer, which puts organizations at risk of breaches and possible fraud, not to mention the spread of malware and inappropriate downloads.

An IT security consultant suggests that healthcare organizations must pay closer attention to their USB policies, as USB drives are an easy source of data leakage. He suggests that preventative measures, such as restricting how ports can be used and encrypting USB devices, should be the very first steps taken to protect hospital data.

The Department of Veterans Affairs has taken a proactive approach and has already limited the number of operating ports available on computers, in addition to carefully monitoring medical devices that also have USB ports. Regular scanning for malware is also conducted to further protect patient data.

A few tips were recommended to improve USB security:
1. Only purchase encrypted USB drives and supply them on a must-have basis.
2. Configure computers to only recognize drives issued by the IT department.
3. Prevent auto-run of executable programs from the USB port.
4. Monitor USB port activity and encrypt any data transferred to a USB drive.
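
Tips 2 and 4 can be combined into a simple monitoring check. The sketch below is an added example, not from the referenced article: it assumes Linux workstations whose kernel log records USB connections, and the serial numbers, host name and log lines are constructed for illustration.

```python
import re

# Assumption: serial numbers of drives issued by the IT department (constructed).
ISSUED_SERIALS = {"AA01ISSUED0001", "AA01ISSUED0002"}

# Constructed kernel log sample: an issued drive, a keyboard, a personal drive
# plugged into the same port later, and a drive that reports no serial number.
SAMPLE_LOG = """\
Jul  1 09:12:01 ws-ward3 kernel: usb 1-2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Jul  1 09:12:01 ws-ward3 kernel: usb 1-2: SerialNumber: AA01ISSUED0001
Jul  1 09:12:02 ws-ward3 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Jul  1 09:30:10 ws-ward3 kernel: usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
Jul  1 11:47:33 ws-ward3 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Jul  1 11:47:33 ws-ward3 kernel: usb 1-2: SerialNumber: ZZ99PERSONAL01
Jul  1 11:47:34 ws-ward3 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Jul  1 14:02:58 ws-ward3 kernel: usb 2-1: New USB device found, idVendor=058f, idProduct=6387, bcdDevice= 1.05
Jul  1 14:02:59 ws-ward3 kernel: usb-storage 2-1:1.0: USB Mass Storage device detected
"""

# Patterns for the three kernel messages that matter; group 1 is the USB port.
FOUND = re.compile(r"usb ([\d.-]+): New USB device found, "
                   r"idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
SERIAL = re.compile(r"usb ([\d.-]+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage ([\d.-]+):[\d.]+: USB Mass Storage device detected")

def unapproved_storage(log_text, issued=ISSUED_SERIALS):
    """Return (port, vendor:product, serial) for storage devices not issued by IT."""
    devices = {}  # port -> details of the device most recently seen on that port
    alerts = []
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            # A new connection replaces whatever was on this port before.
            devices[m[1]] = {"ids": f"{m[2]}:{m[3]}", "serial": None}
        elif m := SERIAL.search(line):
            devices.setdefault(m[1], {"ids": "unknown", "serial": None})["serial"] = m[2]
        elif m := STORAGE.search(line):
            dev = devices.get(m[1], {"ids": "unknown", "serial": None})
            # A missing serial counts as unapproved: it cannot be matched to inventory.
            if dev["serial"] not in issued:
                alerts.append((m[1], dev["ids"], dev["serial"]))
    return alerts

if __name__ == "__main__":
    for port, ids, serial in unapproved_storage(SAMPLE_LOG):
        print(f"unapproved USB storage on port {port}: {ids} serial={serial}")
```

The serial number is reported by the device itself, so this check supports monitoring and inventory reconciliation rather than enforcement.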

In my experience, hospitals are becoming much more aware of USB devices. Biomed departments are struggling with maintaining some medical devices due to USB restrictions. Some software and configuration tools have been found to not work due to encryption. This is a catch-22 for hospitals because they must protect patient data, but in the process security measures can get in the way of patient care. There’s no silver bullet in this type of situation, but technicians must become creative at times to work around security measures in place.

Article Referenced:
http://www.healthcareinfosecurity.com/improving-security-for-usb-drives-a-5851
