In our post New reality: EMRs held hostage we discuss the Australian medical center that had their EMR encrypted. The hackers then demanded $4,000 ransom to decrypt the EMR. Let’s take a look at how something like this can happen. The more you know about how hackers can get into your network the better you can protect yourself.
Remote Access is great. It allows employees to work from home or while traveling. Remote Access allows an organization to be much more productive because work doesn’t stop at 5pm anymore. The down side of remote access is that it exposes your network to hackers. Most organizations don’t use traditional dial-in remote access anymore. Remote entry to a network is made through connections via the Internet. The downside is that your front door to your network is sitting exposed on the Internet. Anyone can come knocking and some people will come looking to break in. Here are some typical remote access products that tend to be used:
- Microsoft Terminal Services / Remote Desktop
They are hundreds of other products but these are some of the most popular.
Remote Access by itself does not cause networks to be hacked. Again Remote Access is like your front door on the Internet. By default most products require some sort of authentication before they let you access the network. Usually that authentication is your network User ID and Password. User IDs and Passwords tend to be the weak link in security.
Hackers have automated tools that let them continually try to penetrate a network. Look at it this way, Remote Access is your front door to the Internet and the hackers have tools that pound on that door over and over and over until they eventually break in. These automated tools try different User IDs and passwords. They use dictionaries of words and phrases to guess passwords.
Many times network administrator User IDs are Administrator or Admin. These automated tools can try those User IDs and then try hundreds or thousands or millions of different passwords or phrases until they eventually break into the network. The programs will also try common names such as [email protected] or [email protected]. The take away here is that these automated programs will try different User IDs and passwords over and over until they eventually get in.
Hackers also look for vulnerabilities in servers and systems that they can use to force entry into a network. If your servers are exposed to the Internet such as a Microsoft Exchange server, hackers might try various known vulnerabilities to compromise the server and use it to access your network. Once inside your network they can try to steal or destroy your information.
Other vulnerabilities focus on the desktops and applications. There are thousands and thousands of known vulnerabilities in the products that we use every day. These include Microsoft Office, Adobe Acrobat, Internet Explorer and practically every other program in use. Many times these vulnerabilities are exploited as a result of going to a website that has been previous infected with some malicious code. That website then spreads the malicious code to the Internet browsers or desktop of the person visiting the infected website. Once the malicious code in on a desktop it is on your network and can try to access data on other computers within your network. Vulnerabilities are also exploited via malicious emails that try to get a person to click on a link or download a program that contains malicious code.
How to protect yourself
Now that you know several of the ways that hackers can penetrate your network let’s look at some ways of protecting yourself and your network.
- Lock down your Remote Access. Make sure that you use Remote Access that requires strong authentication. At the minimum authentication should require a valid User ID and Password. But many times authentication can go beyond passwords and can require security tokens, use of codes that are sent to cell phones via text messages, etc.
- Implement strong password policies. As was previously described, hackers try to crack passwords by trying different passwords over and over. The more complex a password is the harder and longer it will take to crack a password. Implementing account lock outs will dramatically help reduce the likelihood of an account being cracked via these automated tools. Account lock outs, lock a person’s User ID after a number of failed passwords. If the lock out is set for 5 attempts the account will be disabled after 5 failed password attempts. The account can only be re-enabled by a Network administrator. It is very unlikely that a hacker can crack a password in 5 attempts especially if passwords are complex and difficult to guess.
- Patch servers and use up to date software. Servers should have security patches applied to prevent vulnerabilities from being exploited. Make sure your IT people diligently apply security patches. In addition, the latest versions of software should be used. This is especially true with Internet browsers. The Internet browser is a common weakness that hackers exploit. Running an older version of an Internet browser will increase the chance that your desktop will be penetrated and a vulnerability will be exploited.
- Be careful of links within email. More and more emails contain malicious links that try to get a person to click or download something that will penetrate the desktop and gain access to a network.
Want to learn more about simple and inexpensive steps you can take to protect patient information? Download our free guide: 5 Simple and Inexpensive Tips to Protecting Patient Information