Hacker Attacks: Tips for Prevention
FTC expert outlines key steps
Alain Sheer, senior attorney in the division of privacy and identity protection at the Federal Trade Commission, says healthcare organizations preparing to comply with the toughened HIPAA Privacy Rule under the HITECH Act should adopt a series of anti-hack measures.
The best way to prevent an intruder from attacking a network, Sheer says, is to take a "defense in depth" strategy that involves "multiple defenses at multiple stages."
His advice is based on the steps that 27 organizations in other industries, all victims of major hacker attacks, failed to complete.
He advises organizations to:
- Use anti-virus software and update it regularly;
- Make sure intrusion detection is activated for every part of a network;
- Update or patch all application defenses;
- Log all network traffic so an intrusion can be tracked;
- Frequently review scheduled tasks slated to run on the network, such as periodic downloads to another IP address;
- Review newly activated user accounts for signs of intruders;
- Regularly investigate all tools used on the network to increase the odds of catching a tool installed by a hacker;
- Avoid storing sensitive information, such as credit card numbers, in clear text or in a vulnerable format.
Sheer made his comments May 12 in Washington, D.C., at the conference "Safeguarding Health Information: Building Assurance through HIPAA Security," sponsored by the HHS Office for Civil Rights and the National Institute of Standards and Technology.