As reported in Network World and from our own observations, there is a bit of trouble with unauthorized outbound information transmission from a variety of systems and software on business networks, including healthcare. Healthcare providers are particularly susceptible to this, because they have more systems per installation than any other form of business. Most of the problems are covered in the article link above, so we’ll focus on the two that aren’t, and then talk about what we can do to help.
As discussed in the article:
- Security devices and systems transmitting configuration data and other information without consent or notice.
- OT devices like MRI machines and other systems, misconfigured or with their own security problems.
- Desktop operating systems like Windows 10, which is obnoxiously chatty, with high-risk components being transmitted.
- Rogue devices brought in by employees with good intentions, which unfortunately are not secure and transmit all sorts of good data.
Then there are these:
- Applications, misconfigured or configured with malignant intentions in an unauthorized fashion by companies with poor practices or ethics.
- Well-intentioned or ill-intentioned users, transmitting all sorts of company data.
Email leaks are bad enough, but when systems and authorized users are transmitting data without our knowledge, it’s a serious blind spot. You can implement some form of data loss prevention, which should catch the leaks over common channels, but what about the systems and applications that are authorized and more difficult to find?
For these unauthorized data transmissions by personnel, you need manual review and monitoring. To catch data theft by systems personnel, you need to capture their activities and then validate them during or after the fact for bad activities. We’ve observed major players in the electronic medical records business transmitting large amounts of patient data back to their company systems without authorization. That needs to be squashed when it happens, so implement a process to make sure it doesn’t happen to your company.
For unauthorized transmissions by systems, you also need monitoring, but because these transmissions are part of the systems’ overall activity, you can’t simply watch for them as they happen: you don’t know when that will be. For this, you need to capture and analyze traffic and build up a knowledge of what is normal so you can spot anomalies. It’s usually easy to profile an application and then locate any strange activity.
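The baseline-then-compare approach described above, sketched as an added example that is not part of the original post: it profiles each source's destinations and daily outbound volume, then flags new destinations, unprofiled sources and volume spikes. The flow tuple layout, host names, addresses and the three-sigma threshold are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (day, source host, destination IP, outbound bytes).
# Host names and the documentation-range addresses are made up for illustration.
EMR_MB = [40, 42, 39, 41, 40]
BASELINE = [(d, "emr-app01", "198.51.100.10", mb * 1_000_000)
            for d, mb in enumerate(EMR_MB, 1)]
BASELINE += [(d, "mri-console", "198.51.100.20", 5_000_000) for d in range(1, 6)]
OBSERVED = [
    (6, "emr-app01", "198.51.100.10", 41_000_000),
    (6, "emr-app01", "203.0.113.77", 900_000_000),
    (6, "mri-console", "198.51.100.20", 5_000_000),
    (6, "byod-tablet", "203.0.113.5", 1_000_000),
]


def build_profile(flows):
    """Per source: set of destinations seen and list of daily outbound totals."""
    dests, daily = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        dests[src].add(dst)
        daily[src][day] += nbytes
    return {s: {"dests": dests[s], "daily": list(daily[s].values())} for s in dests}


def find_anomalies(profile, flows, sigmas=3.0):
    """Check one day of flows against the profile; return a list of findings."""
    findings, totals = [], defaultdict(int)
    for _day, src, dst, nbytes in flows:
        totals[src] += nbytes
        if src not in profile:
            kind = "unprofiled-source"
        elif dst not in profile[src]["dests"]:
            kind = "new-destination"
        else:
            continue
        if (src, kind, dst) not in findings:
            findings.append((src, kind, dst))
    for src, total in totals.items():
        if src in profile:
            hist = profile[src]["daily"]
            # Floor the spread at 10% of the mean so a flat baseline tolerates drift.
            limit = mean(hist) + sigmas * max(pstdev(hist), 0.1 * mean(hist))
            if total > limit:
                findings.append((src, "volume-spike", total))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(build_profile(BASELINE), OBSERVED):
        print(finding)
```

In practice the tuples would come from NetFlow, firewall or proxy logs, and the baseline window needs to be long enough to cover weekly and monthly jobs before its findings are trusted.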
If you want some reassurance that your processes are catching everything, or you don’t have the resources to manage the verification process improvement on your own, please call us. Finding needles in haystacks is kind of our thing. We’ll be glad to help you figure out your needs and then map out business process improvements to cover them.
We’re the best at finding evidence of bad actors on your network. Call now or email us at sales@ .