Design I.T. Solutions, Moscow Family Medicine Custom Interface Options, and Network/Systems Security for Your Centricity Environment
Who We Are – Daniel Schwartz
Health Care I.T. Consulting
I.T. Management Services
Engineering Services
VoIP Services
Help Desk
Custom EMR Support: Scripts, Interfaces, etc.
Who We Are – Mary Glaze
Urgent care
Full scope family practice
University of Idaho Student Health Center
University of Idaho Athletics
On Centricity for 18 years
Current version CPS 12.0.10
Topics
Custom Interfaces
Ransomware
Backups
Security (prevention)
Dark Web Scans
Custom Interfaces
Can send data to HIE
Can translate data between sending and receiving systems
Allows disparate systems to integrate data
Can take any SQL data and transpose it to another SQL system
Can take non HL7 Information and transpose it to HL7 for importing
Example Interfaces
CPS to Pyxis Medication System
KEAN LTC medications to CPS as a document
IHDE full data integration with inbound and outbound patient data
Automatic Immunization registry data importing and exporting
Lab results from outside (or inside lab) auto import to chart and populate the flowsheet
340B Drug Discount Program
New system preloading with CSV to ADT
Hospital to PCP data exchange
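The CSV-to-ADT preloading and non-HL7-to-HL7 conversion listed above, as an added example (not code from the presentation or from any interface it describes). The CSV column names, the ADT^A28 event, the MM/DD/YYYY date format and the application/facility names in MSH are assumptions; the escaping step keeps a delimiter or carriage return inside a CSV field from being read as a new field or segment by the receiving system.

```python
import csv
import io
from datetime import datetime

# HL7 v2 escape sequences for the default delimiters | ^ & ~ and the escape char \
_ESC = {"\\": "\\E\\", "|": "\\F\\", "^": "\\S\\", "&": "\\T\\", "~": "\\R\\"}

def hl7_escape(value):
    """Make a free-text CSV value safe to place inside one HL7 component."""
    # CR ends a segment, so an embedded CR/LF could smuggle in a new segment.
    value = (value or "").replace("\r", " ").replace("\n", " ").strip()
    return "".join(_ESC.get(ch, ch) for ch in value)

def csv_row_to_adt(row, control_id, now):
    """Build one ADT message (MSH, EVN, PID) from a demographics row."""
    ts = now.strftime("%Y%m%d%H%M%S")
    # Reject unparseable dates instead of loading a guess into the chart.
    dob = datetime.strptime(row["dob"].strip(), "%m/%d/%Y").strftime("%Y%m%d")
    sex = row["sex"].strip().upper()[:1]
    sex = sex if sex in ("M", "F", "O", "U") else "U"
    name = hl7_escape(row["last"]) + "^" + hl7_escape(row["first"])
    segments = [
        # MSH-1 is the "|" itself; MSH-2 lists the other delimiters.
        "|".join(["MSH", "^~\\&", "CSVLOAD", "OLDPM", "EMR", "CLINIC",
                  ts, "", "ADT^A28", control_id, "P", "2.3"]),
        "|".join(["EVN", "A28", ts]),
        "|".join(["PID", "1", "", hl7_escape(row["mrn"]), "", name, "", dob, sex]),
    ]
    return "\r".join(segments) + "\r"

def csv_to_adt(text, now):
    """Convert a whole CSV export; control IDs are sequential per batch."""
    rows = csv.DictReader(io.StringIO(text))
    return [csv_row_to_adt(r, "PRELOAD%05d" % i, now)
            for i, r in enumerate(rows, start=1)]

# Constructed sample export (not real patient data).
SAMPLE_CSV = """mrn,last,first,dob,sex
1001,Smith,Ann,02/14/1980,F
1002,O'Neil|Jr,Pat^R,11/03/1975,m
"""

if __name__ == "__main__":
    for msg in csv_to_adt(SAMPLE_CSV, datetime(2018, 1, 1, 8, 0, 0)):
        print(msg.replace("\r", "\n"))
```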
Ransomware
Encrypts files it has access to
This includes any network resources the active user has modify rights to
Newer versions have the ability to:
Encrypt backups
Embed themselves in backups over time and launch when they see the cycle is complete
Destroy shadow copies
Put unencrypted copies of files on public websites
Ransomware
Gives the user a timeframe to pay for an encryption key
Many versions now let you test unencrypting a file to prove the ransom is worth it
After a set amount of time, the ransom goes up
Files may be released to the public domain if no ransom is paid
White-label, script-kiddie friendly
Fastest increase in ransomware yet
Example Screen of Ransomware
Ransomware
Source: Symantec
56,000 ransomware infections in March
Ransomware costs FedEx $300 million in lost production
FBI report put ransomware at over 1 billion dollar source of income for cyber criminals last year.
Number of attacks per month this year
Ransomware
Roughly 80% of all organizations are confident that their backup can provide them with complete recovery
Less than half of ransomware victims fully recover their data, even with backup
Unmonitored and failed backups
Loss of accessible backup drives that were also encrypted
Loss of between 1-24 hours of data from the last incremental backup snapshot
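One way to catch the unmonitored and failed backups named above before a restore is needed, as an added example (not code from the presentation). The `<db>_<stamp>.bak` file naming, the 24-hour age limit, the 50% size-drop threshold and the database names are assumptions; the sample folder is constructed.

```python
import os
import tempfile
import time

def check_backups(backup_dir, databases, max_age_hours=24, shrink_ratio=0.5, now=None):
    """Return {database: problem} for backups that are missing, stale, empty or truncated."""
    now = time.time() if now is None else now
    found = {}  # db name -> list of (mtime, size), one per .bak file
    for entry in os.scandir(backup_dir):
        if entry.is_file() and entry.name.lower().endswith(".bak"):
            db = entry.name.split("_", 1)[0].lower()  # assumed naming: <db>_<stamp>.bak
            st = entry.stat()
            found.setdefault(db, []).append((st.st_mtime, st.st_size))
    problems = {}
    for db in databases:
        files = sorted(found.get(db.lower(), []), reverse=True)  # newest first
        if not files:
            problems[db] = "no backup file found"
            continue
        mtime, size = files[0]
        age_hours = (now - mtime) / 3600
        if age_hours > max_age_hours:
            problems[db] = "newest backup is %d hours old" % round(age_hours)
        elif size == 0:
            problems[db] = "newest backup is empty"
        elif len(files) > 1 and size < files[1][1] * shrink_ratio:
            # A sudden drop in size usually means a job that died part-way.
            problems[db] = "newest backup is much smaller than the previous one"
    return problems

def build_sample_dir(now):
    """Create a constructed backup folder: one healthy, one stale, one truncated."""
    root = tempfile.mkdtemp()
    samples = [("emr_0101.bak", 4000, 30), ("emr_0102.bak", 4100, 6),
               ("docs_0101.bak", 900, 50),
               ("portal_0101.bak", 2000, 28), ("portal_0102.bak", 300, 4)]
    for name, size, hours_old in samples:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
        os.utime(path, (now - hours_old * 3600,) * 2)
    return root

if __name__ == "__main__":
    now = float(int(time.time()))
    print(check_backups(build_sample_dir(now), ["emr", "docs", "portal", "esm"], now=now))
```

Run it from a scheduler on a machine other than the backup target and alert on any non-empty result; a file that exists and looks fresh still has to be test-restored to count as a backup.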
Ransomware
[Chart: Ransomware Dispersement. Categories: Email Link, Email Attachment, Web Site, Social Media, USB Stick, Business App, Other. Data labels as extracted: 31%, 28%, 24%, 4%, 3%, 1%, 9%.]
Source: Osterman Research, Inc
What should you Backup?
Centricity Database
Backup the SQL backup files
Use integrated SQL backup solution
Docutrack (Document Manager) files
PDF, TIFF, txt, etc. that are indexed to a network share
Docutrack, ESM, Patient Portal and other Databases
Archives/Scanned documents
Any other electronic documents worth keeping
Anything your business needs to function
Types of Backups
Multiple Backup Options:
Automated
Offsite
Encrypted
Compressed
SQL Native
Dynamic
Adaptive
Shadow Copies
Proprietary vs Network Visible
Ransomware can hit anything on the network it has access to
Using network visible media can allow the backups to be encrypted by ransomware
Network visible OS
Network share
NAS
Using a backup solution that has a proprietary agent to access backups on each device is the best option
Backups are not susceptible to encryption
Proprietary Backup Agents
Barracuda
Has a hardened appliance that connects to a proprietary agent running on servers
Can integrate with VMware, Hyper-V, SQL Server and Exchange natively to optimize backups
De-duplicates, compresses and encrypts data on the appliance before sending a copy to cloud storage
Carbonite Online Backup
Backs up directly to cloud from each computer
Backup Requirements
ANYTHING offsite must be encrypted
If you take hard drives/tapes offsite, the media must be encrypted
Data leaving premises must be encrypted in transit and at rest
You must keep records for anywhere between 7 and 21 years
Your old EMR/PM system needs to be accessible; back it up too
Security
Next-Gen Firewall
Spam Filter
OS Hardening (Security Updates)
User Education
Next-Gen Firewall
Contain all the functions of a normal firewall
Add additional OSI layer (TCP/IP Layer) filtering
Layer 7 interaction filtering
Policy per group/user/computer
Can help stop compromised systems from getting out
If your firewall is 2 or more years old, it's time to upgrade
Normally firewalls last 5 years, but one older than 3 most likely does not have the latest technology
Routine firewall updates
Next-Gen Firewall
Depending on the vendor, it can secure/wipe/monitor remote computers
Allows for extensive web shaping
Control who can get on social media or other potential virus spreading sites
Has site ratings to block known compromised sites
Usually updated daily to weekly.
Spam Filter
Keep spam filters up to date with latest patches
Monitor outbound spam filter for possible unknown infections in your network
New Sandbox technology will execute attachments in the cloud to test for macro/virus/worm payload
Can be used with all e-mail providers including Office 365
Can be cloud based or appliance based service
Barracuda offering CHUG attendees discount through Design I.T. Solutions
OS Hardening
OS Security Updates (weekly)
Security updates for applications you use
Java
Flash (will diminish over time with HTML5)
Acrobat
Word/Excel (Macros)
Browsers
Firewall/VPN software updates
Logging
Helps to find out what happened
Shuttle logs to a log server for easy review and safekeeping
Retain logs from firewalls, network servers, network entry point locations and network devices
Antivirus
Keep Antivirus up-to-date
New Antivirus has additional management of application security vulnerabilities
Patch Management
Should be server-managed for best control
Remote Access
RDP Exploit
Do not allow direct access from internet to port 3389
VPN client or SSL access is best
Most firewalls have remote VPN capability; use it
Setting it up with AD integration and group membership is best for management
Citrix and RDWeb access (through port 443) are both great options
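A check that ties the remote access and logging advice together, as an added example (not code from the presentation): it reads firewall log lines and reports allowed connections to port 3389 whose source is not an internal or VPN address. The key=value log format and the sample lines are constructed, and treating RFC 1918 ranges as "inside" is an assumption about the site's addressing.

```python
import ipaddress
from collections import Counter

# RFC 1918 ranges, treated here as "inside" (LAN and VPN address pools).
# ipaddress.is_private is avoided: it also covers reserved documentation ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_kv(line):
    """Turn 'key=value key=value ...' into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def direct_rdp_hits(lines, rdp_port=3389):
    """Count allowed connections to the RDP port per (outside source, destination)."""
    hits = Counter()
    for line in lines:
        f = parse_kv(line)
        if f.get("action") != "allow" or f.get("dport") != str(rdp_port):
            continue
        try:
            src = ipaddress.ip_address(f.get("src", ""))
        except ValueError:
            continue  # malformed or missing source address
        if any(src in net for net in INTERNAL):
            continue  # came through the LAN or the VPN pool
        hits[(str(src), f.get("dst", "?"))] += 1
    return hits

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    "2018-03-01T02:14:07 action=allow proto=tcp src=203.0.113.45 dst=192.168.10.20 dport=3389",
    "2018-03-01T02:14:09 action=allow proto=tcp src=203.0.113.45 dst=192.168.10.20 dport=3389",
    "2018-03-01T08:01:30 action=allow proto=tcp src=10.8.0.14 dst=192.168.10.20 dport=3389",
    "2018-03-01T08:05:11 action=deny proto=tcp src=198.51.100.7 dst=192.168.10.20 dport=3389",
    "2018-03-01T08:07:42 action=allow proto=tcp src=198.51.100.7 dst=192.168.10.5 dport=443",
]

if __name__ == "__main__":
    for (src, dst), count in direct_rdp_hits(SAMPLE_LOG).items():
        print("direct RDP allowed: %s -> %s (%d connections)" % (src, dst, count))
```

Any hit means a firewall rule is forwarding 3389 from the internet and should be replaced with VPN, Citrix or RDWeb access.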
Bring Back the DMZ
Trends are eliminating the DMZ, but this plays a critical role in interior security
Service Accounts
Should be used for all non-user accounts
Create OU just for service accounts
Set a GPO to lock out interactive login and other non-essential account functions for these accounts
Time for Access
Limit accounts to daytime access where that works for the user
AD setting on each user allows ability to restrict access times
Limit access to only specific computers as well
Limit VPN access times
Limit guest and internet traffic based on policy and type
User Education
Users make up the largest vulnerability in your organization
Inexpensive to mitigate
Staff meeting reminders
Quarterly reminders via prizes
Network Policies in place to help
Change passwords, don’t write them down
Not too frequent, not too infrequent (no less than 75 days, no more than 120)
Have users double short passwords to help them remember long passwords (Caps on the first, number at the end)
Passwords should be 10+ characters
Risk Assessment
Besides HIPAA compliance risk assessment, companies should have a full network review done yearly to check for:
Backup misconfigurations
Firewall enhancement opportunities
Network improvements and upgrades
Encryption opportunities
Dark Web
The Dark Web is a compilation of sites that allow criminals to trade goods and services
This includes your logins and passwords
HEALTHCARE BREACHES
An average of at least one health data breach per day
176 reported insider incidents for healthcare organizations.
Insider-error affected 758,281 patient records and insider-wrongdoing affected 893,978.
4.2 BILLION email account credentials and 85 MILLION stolen PII records (driver's license, SSN, DOB, etc.) for sale on the Dark Web
THE COSTS ARE STAGGERING
Global cost of data breaches will reach $2.1 TRILLION by 2019.
73.18% of US population with at least 1 compromised credential found within the Dark Web (237,736,346).
2017: $380 per stolen record, global average was $141
THE BIGGEST RISK
58% of incidents involved insiders
Healthcare is the only industry in which internal actors are the biggest threat
Attacks are driven by financial gain
Ransomware was involved in 70% of the publicly broadcast healthcare breaches
27% of incidents were related to PHI (personal health information) printed on paper
21% of incidents involved lost and stolen laptops containing unencrypted PHI
*Verizon 2018 Data Breach Report
HEALTHCARE WORKERS
25% of healthcare workers show a lack of phishing email awareness.
24% of healthcare workers had trouble identifying common signs of malware.
26% of surveyed healthcare workers opted to log into unsecure, public Wi-Fi to complete work tasks.
*Healthcare informatics 2017 Breach Report
THE HUMAN FACTOR IS KEY
Same or same root password
76% of people will use the same password for most, if not all, websites.
Would you like a Dark Web scan?
Questions?
Contact
Daniel Schwartz
Design I.T. Solutions – 509-534-4874 ext. 400
Mary Glaze
Moscow Family Medicine Division – 208-892-7505
Meraki Firewall
Barracuda Spam Filter
Barracuda Backup
Live Data