Laptop vulnerabilities still pose great security risk to health data
New research from the Clearwater Cyber Intelligence Institute finds that laptop computers continue to present substantial data security risk for the healthcare industry.
Clearwater operates a database that holds millions of risk records from hospitals, delivery systems and business associates. Data mining and informatics teams at the firm use analytics to identify common security weaknesses in provider organizations, insurance companies and other entities.
The firm’s analyses show that endpoint data loss is the top vulnerability confronting laptop users because of continuing deficiencies in three important controls.
* Nearly all laptops are deficient in locking down external ports such as USB, CD, DVD and FireWire. Locking down these ports prevents users from exporting sensitive data to external storage media.
* Two-thirds of laptops have deficiencies related to users storing data locally instead of accessing the organization’s programs and data via secure virtual desktop software such as Citrix Virtual Apps, Desktop or VMware Horizon.
* Further, 53 percent of laptops have deficiencies in data loss prevention tools that are designed to scan all communications traffic to keep sensitive data from being sent to unauthorized users.
It may seem like a given, says Jon Stone, senior vice president for product innovation, but the question that hospitals and health systems need to be constantly considering is whether they know for certain that the security measures they adopted have been properly implemented, and whether the risk ratings associated with the controls bring the right level of attention to the major risks.
However, several tools and processes can quickly improve the security posture of laptops, according to Stone.
Data loss prevention tools scan all communications traffic to prevent sensitive data from being sent to unauthorized users. A user activity review should be done periodically by scanning system and application logs for suspicious user behavior.
User permission reviews detect dormant user accounts that should have been disabled or deleted when a user no longer had access. Also detected are user accounts with excessive user permissions, which may give users access to data not required for their roles.
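One way to run the user permission review described above, as an added example that is not from the article or from Clearwater. The role baseline, the 90-day dormancy threshold, the review date and the account records are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed least-privilege baseline per role (constructed for this example).
ROLE_BASELINE = {
    "nurse": {"ehr_read", "ehr_write"},
    "billing": {"claims_read", "claims_write"},
    "it_admin": {"ehr_read", "user_admin", "audit_read"},
}
DORMANT_AFTER_DAYS = 90          # assumed policy threshold
REVIEW_DATE = date(2024, 6, 1)   # fixed so the sample run is reproducible

@dataclass
class Account:
    user: str
    role: str
    enabled: bool
    last_login: Optional[date]   # None means the account never logged in
    permissions: frozenset

def review(accounts, today):
    """Return (user, finding, detail) tuples for enabled accounts only."""
    findings = []
    for a in accounts:
        if not a.enabled:
            continue  # already disabled: nothing left to revoke
        idle = None if a.last_login is None else (today - a.last_login).days
        if idle is None or idle > DORMANT_AFTER_DAYS:
            detail = "never logged in" if idle is None else f"{idle} days idle"
            findings.append((a.user, "dormant", detail))
        allowed = ROLE_BASELINE.get(a.role)
        if allowed is None:  # no baseline to compare against: flag for manual review
            findings.append((a.user, "unknown_role", a.role))
            continue
        excess = sorted(set(a.permissions) - allowed)
        if excess:
            findings.append((a.user, "excess_permissions", ",".join(excess)))
    return findings

# Constructed sample directory export.
SAMPLE_ACCOUNTS = [
    Account("jdoe", "nurse", True, date(2024, 5, 28), frozenset({"ehr_read", "ehr_write"})),
    Account("asmith", "billing", True, date(2023, 11, 2), frozenset({"claims_read", "claims_write", "ehr_read"})),
    Account("tempsvc", "contractor", True, None, frozenset({"ehr_read"})),
    Account("bwong", "it_admin", False, date(2022, 1, 10), frozenset({"user_admin"})),
    Account("rlee", "nurse", True, date(2024, 5, 30), frozenset({"ehr_read", "ehr_write", "user_admin"})),
]

def run_sample():
    return review(SAMPLE_ACCOUNTS, REVIEW_DATE)
```

An account can appear more than once in the output: `asmith` is both dormant and over-permissioned, which makes it the first candidate for disabling.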
A log aggregation and analysis program will automatically collect and evaluate application logs across the enterprise and scan the logs for suspicious activity.
“Because of the difficulty in manually scanning such logs and detecting anomalies, using such automated log aggregation and analysis programs is generally considered the only truly viable means of effectively scanning systems and application logs for possible trouble,” Stone advises.