Credit – University of Vermont
After the organization finally repaired the damage and recovered network operations, an assessment of the system's cybersecurity measures found several shortcomings that, had they been addressed, could have at least minimized the damage. They shared their lessons learned in an article in the March 2021 ACR Bulletin.
In the incident, malware was loaded onto an employee's off-network hospital laptop, where it sat for two weeks waiting to be deployed. When the employee logged in via the VPN, the ransomware quickly spread throughout the hospital network, causing a system-wide outage.
Lessons learned:
- Segmenting the network would have separated the most sensitive data from everything shared outside of the internal network. Without some kind of data separation, a virus quickly spreads.
- There is a disconnect between vendors and IT departments. Too little attention is paid to security when new equipment is installed and configured.
- Adequately staffing your security effort must be a priority. A larger institution must have adequate internal expertise dedicated to managing security. Smaller practices may need to rely on outsourcing security operations.
- Regardless of the size of the operation, an incident response protocol must be put in place and must include a disaster management team charged with talking everyone through a checklist.
- Ensure staff are trained in paper reporting and can revert to paper when needed.
- Create a paper directory for all staff that can be accessed in each department, not just your own department.
- Using multi-factor authentication and vetting security vendors is critical.
- Staff training on recognizing phishing and other attack techniques needs to be ongoing.
- Make a plan for contacting patients when needed.
- Contact equipment vendors about updating older systems and find out what support they provide in the case of a breach.
Source: ACR Bulletin, February 23, 2021, published in the March issue