Catching a bug Medical providers beef up cybersecurity following ransomware, other attacks.
Byline: Martin Daks
Before anyone can log into the computer network at Holy Name Medical Center in Teaneck, they must pass through a multifactor authentication process that adds biometric and other security procedures to the standard username-password combination. "This way, even if a hacker has figured out the username and password of an authorized user, there are additional obstacles to penetrating our system," said Holy Name CEO Michael Maron.Before anyone can log into the computer network at Holy Name Medical Center in Teaneck, they must pass through a multifactor authentication process that adds biometric and other security procedures to the standard username-password combination. "This way, even if a hacker has figured out the username and password of an authorized user, there are additional obstacles to penetrating our system," said Holy Name CEO Michael Maron.
As more organizations go digital with electronic health records a requirement for hospitals, physicians and other health care providers since 2014 cybersecurity continues to be major concern. In one case, announced in late November, the U.S. District Attorney's office in Newark charged two Iranian nationals with extorting more than $6 million from hospitals and other institutions in New Jersey and elsewhere since 2014 in addition to causing more than $30 million of damage by using sophisticated ransomware programs to hijack sensitive information from computers and holding it hostage until the hackers were paid off in bitcoin.
Hospitals, however, aren't just sitting around and waiting to be attacked. Many, like Holy Name, are being proactive in protecting their sensitive data.
"In addition to taking steps to limit data access to authorized users, we also write our own software," said Maron. "It's more efficient, tailored to meet our professionals' needs and it actually costs less than buying 'off-the-shelf' products."
The institution keeps costs down by having offshore developers write much of the code, he said, "although as a security measure, they don't have access to our data. Then, before we roll it out, our own team of developers thoroughly tests the code in a secure environment."
The hospital also has strict standards governing its data storage, utilizing multiple firewalls to help keep out unauthorized access, "and we further segregate the data into multiple systems, so even if a hacker does breach our defenses, they will only have access to a limited amount of...
To continue reading
Request your trial