Cybersecurity and Electronic Health Records
EHR as a critical target
By Charles Parker, II
In the enterprise/traditional IT, there are the production networks. These must be up and operating at
all costs. Without this in the business operations, not much is produced or sold. As a tool to defend
against ransomware and other attacks, there are dedicated backups, policies, and procedures. In a
perfect world, these would be checked periodically not only to verify they are present but also the
backup data is viable when used.
In hospitals, there are EHRs (Electronic Health Records) used several times a day by the nursing staff for
patient care. Among other data, these hold the patients’ prescriptions and dosage, which the nursing
staff cannot get wrong. Liberty Hospital in MO recently had a cybersecurity issue with their HER. They
were able to get this back up and running. This purely exemplifies the need for HER backups. Imagine
you are the administrator for the hospital or rehabilitation center. You get the call at 4pm on Friday
from IT. The staff member starts with “We have a problem.” Of the next few sentences, all you
remember is “encrypted” and “ransomware”.
While taking time and resources to try the backup, this option is certainly better than finding out the
backups are not viable after the attack begins. Wondering if the backups are viable in our present
environment is not optimal.
About the Author
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries
Comentários