TRENDING:

Hacker Attacks: Tips for Prevention

FTC expert outlines key steps Howard Anderson (ismg_editor) • May 13, 2010    
Hacker Attacks: Tips for Prevention
Although the list of major healthcare breaches reported to federal authorities so far does not yet include a large-scale hacking incident, organizations should nevertheless take preventive measures to avoid such attacks, a federal privacy expert says.

Alain Sheer, senior attorney in the division of privacy and identity protection at the Federal Trade Commission, says healthcare organizations preparing to comply with the toughened HIPAA Privacy Rule under the HITECH Act should adopt a series of anti-hack measures.

The best way to prevent an intruder from attacking a network, Sheer says, is to take a "defense in depth" strategy that involves "multiple defenses at multiple stages."

His advice is based on the steps that 27 organizations in other industries that have been victims of major hacker attacks failed to complete.

He advises organizations to:

  • Use anti-virus software and update it regularly;
  • Make sure intrusion detection is activated for every part of a network;
  • Update or patch all application defenses;
  • Log all network traffic so an intrusion can be tracked;
  • Frequently review scheduled tasks slated to run on the network, such as periodic downloads to another IP address;
  • Review newly activated user accounts for signs of intruders;
  • Regularly investigate all tools used on the network to increase the odds of catching a tool installed by hacker;
  • Avoid storing sensitive information, such as credit card numbers, in clear text or in a vulnerable format.

Sheer made his comments May 12 in Washington, D.C., at the conference: "Safeguarding Health Information: Building Assurance through HIPAA Security," sponsored by the HHS Office for Civil Rights and the National Institute of Standards and Technology.

Previous
NIST Contingency Planning Guide in Works
Next
Building Security Awareness Among Docs

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.