Hacker Attacks: Tips for Prevention

FTC expert outlines key steps
Hacker Attacks: Tips for Prevention
Although the list of major healthcare breaches reported to federal authorities so far does not yet include a large-scale hacking incident, organizations should nevertheless take preventive measures to avoid such attacks, a federal privacy expert says.

Alain Sheer, senior attorney in the division of privacy and identity protection at the Federal Trade Commission, says healthcare organizations preparing to comply with the toughened HIPAA Privacy Rule under the HITECH Act should adopt a series of anti-hack measures.

The best way to prevent an intruder from attacking a network, Sheer says, is to take a "defense in depth" strategy that involves "multiple defenses at multiple stages."

His advice is based on the steps that 27 organizations in other industries that have been victims of major hacker attacks failed to complete.

He advises organizations to:

  • Use anti-virus software and update it regularly;
  • Make sure intrusion detection is activated for every part of a network;
  • Update or patch all application defenses;
  • Log all network traffic so an intrusion can be tracked;
  • Frequently review scheduled tasks slated to run on the network, such as periodic downloads to another IP address;
  • Review newly activated user accounts for signs of intruders;
  • Regularly investigate all tools used on the network to increase the odds of catching a tool installed by hacker;
  • Avoid storing sensitive information, such as credit card numbers, in clear text or in a vulnerable format.

Sheer made his comments May 12 in Washington, D.C., at the conference: "Safeguarding Health Information: Building Assurance through HIPAA Security," sponsored by the HHS Office for Civil Rights and the National Institute of Standards and Technology.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.