The days when cybersecurity could be written off as “this could never happen to me” are completely gone at this point in 2018. And that’s especially true for hospitals and rural healthcare.
You see, cybercriminals perceive rural healthcare as low-hanging fruit for cyberattacks. Instead of casting broad nets and hoping anyone falls for an attack, many criminals have found rural hospitals and rural healthcare organizations to be quite easy targets.
New malware and inventive ways to hack into systems emerge practically daily, prompting a growing need for hospitals to invest in updating their security: infrastructure, software, and policies and procedures.
It also means that newly devised attacks (in the cybersecurity industry these are known as zero-day exploits, since they have never been seen before) will certainly be dangerous for hospitals like yours and will require you to ensure your security is advanced enough to adapt to new tactics and threats.
One of the biggest ways you can prepare is by making sure your gate is locked and that the keys are not in plain sight at your doorstep.
Today I want to focus on one big way many rural hospitals leave their doors wide open to cyberattacks and how easy it is to prevent most attacks. The heart of this issue is related to password credentials and why having escalated privileges on your network might not be the best idea.
First, what is a privileged user account?
Basically, privileged users are any users with some sort of non-restrictive access to your systems. Such accounts provide users with the ability to access and modify critical system settings or view restricted data, for instance.
Privileged accounts come in many flavors.
There are a variety of different types of privileged accounts, each designed to fulfill a specific purpose. The easiest way to classify a privileged account is by the scope or amount of access it is allowed:
Domain or administrator accounts—these types of privileged accounts give administrative access to all workstations and servers on your domain. Accounts with this type of access have the highest possible privileges in your organization.
They have the ability to control your systems and manage other accounts on your systems. Do you know how many people have these accounts in your hospital?
We’ve found nearly a dozen users with administrator accounts, and most of the time they are using this account for day-to-day use.
The problem with this? If a hacker fools any of your administrators with a phishing attack or some other scam, they have carte blanche access to your entire network, patient records, etc. Is this worth risking? Consider evaluating and monitoring use of administrative accounts. And make sure they are only used when absolutely needed.
Local accounts—these types of privileged accounts give administrative access to a single server or workstation. They give the person with those privileges full control over the system.
These are often used by IT specialists to conduct maintenance on the system (apply updates, patching, etc.). If your typical user has administrative access to their machine they will be able to upgrade it without your IT knowing.
This could potentially cause conflicts with your security policies and/or jeopardize your system if the user installs suspicious applications on their computer.
In most instances, best practice would be to grant typical users lower privileges—even on their workstation—to ensure hospital-wide standards are being maintained.
Application-level accounts—these types of privileges give administrative access to specific applications. They can be used to access and manage databases, and to set up or maintain them.
The users of this type of privileged account are given control over the data inside the application. This type of access may open the door to considerable theft of sensitive information (think access to your EHR records).
What’s the danger of privileged user accounts?
In any of the above instances, elevated privileges make a variety of malicious activities possible, from data misuse to completely compromising your systems. If a user accidentally gives access to a hacker, or grants access to a third-party vendor, they too will be able to compromise your network.
Elevated privileges, whether used for normal day-to-day work or held by people who don’t really need them, are really risky business because you’re essentially weakening your network (and if you have many people with these sorts of privileges, you may be opening yourself up to a considerable number of attacks).
What can you do to address privilege security issues?
Ultimately, effective security includes effective privileged user management, control and monitoring. Consider employing the right people, the right tools and the right access to ensure your hospital is not risking your data.
Privileged user account management—make sure that all privileged users in your organization are accounted for and that you don’t have users with unnecessarily high privileges. Routinely (at least annually) comb through your user privileges and evaluate who needs elevated privileges.
Privileged user access control—you should know who has access to privileged accounts and for what purpose. These accounts should have smart password management, multi-factor authentication and access monitoring to ensure they are being accessed by the right person.
Privileged user monitoring—consider recording what users do while in privileged accounts to understand suspicious activity. This will give your organization better visibility on when a user’s account is compromised.
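As an added example (not part of the original article), the account-management and access-control checks above can be run as a routine review over an exported inventory of privileged accounts. The CSV columns, account names and review date below are constructed assumptions; map them to whatever your directory or application export provides.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real data). Column names are assumptions
# made for this example.
SAMPLE_INVENTORY = """\
account,scope,owner,last_review,mfa,daily_use
adm-jsmith,domain,J. Smith,2018-03-01,yes,no
mbrown,domain,M. Brown,2016-11-15,no,yes
ws114-admin,local,Help desk,2018-01-20,yes,no
nurse-kt,local,K. Taylor,2017-12-02,no,yes
ehr-dba,application,EHR vendor,,no,no
"""

# Wider scope means a compromise reaches further, so report those first.
SCOPE_RANK = {"domain": 0, "application": 1, "local": 2}
MAX_REVIEW_AGE_DAYS = 365  # the article's "at least annually"


def audit_privileged_accounts(csv_text, today):
    """Return (account, scope, [findings]) for every account missing a control."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        reviewed = row["last_review"].strip()
        if not reviewed:
            findings.append("never reviewed")
        elif (today - date.fromisoformat(reviewed)).days > MAX_REVIEW_AGE_DAYS:
            findings.append("review older than one year")
        if row["mfa"].strip().lower() != "yes":
            findings.append("no multi-factor authentication")
        if row["daily_use"].strip().lower() == "yes":
            findings.append("privileged account used for day-to-day work")
        if findings:
            results.append((row["account"], row["scope"].strip().lower(), findings))
    # Unknown scope values sort last instead of raising an error.
    results.sort(key=lambda r: (SCOPE_RANK.get(r[1], 99), r[0]))
    return results


if __name__ == "__main__":
    report = audit_privileged_accounts(SAMPLE_INVENTORY, date(2018, 6, 1))
    for account, scope, findings in report:
        print(f"{account:12} {scope:12} {'; '.join(findings)}")
```

Accounts that pass every check are left out of the report, so an empty result means the inventory meets all three conditions on the review date.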
Are you sure your hospital is keeping your users secure? Will hackers be able to crack your privileged accounts and lock down your network? Contact Us Today for a free ransomware vulnerability assessment.