Clearwater CyberIntelligence Institute (CCI) has analyzed security risks in healthcare and found that laptops pose a serious threat to medical centers, health systems, and their vendors. CCI ranked laptop computers as the 6th top source of risk for healthcare companies, for the following reasons:
- Laptops are portable and can therefore be easily stolen or lost.
- Laptops allow remote access to healthcare systems’ networks.
- Many healthcare organizations are unable to keep track of how employees use laptop computers.
The CCI research study showed that three areas account for 70% of high and critical risks: dormant accounts (17.8%), excessive user permissions (22.4%), and endpoint data loss (29.9%).
Endpoint data loss is the most serious risk. It was rated critical because of the volume of vulnerabilities in this category. 98.9% of laptop computers had vulnerabilities associated with the inability to lock down external ports and drives such as CD, DVD, USB and FireWire. As a result, it is easy for users to copy data from laptops onto portable media.
63.3% of devices didn’t have controls to stop local storage of sensitive data by users. Healthcare companies can fix this vulnerability by utilizing virtual desktop software programs to access the organization’s data and applications. When sensitive information is not saved on a laptop’s hard drive, it is possible to avoid data exposure in the event that the device is lost or stolen.
52.7% of laptop computers were not protected by tools that stop data loss and prevent unauthorized persons from accessing sensitive data. Tools are available that can scan internal and external system traffic to boost security.
Control insufficiencies were found in high numbers of laptop computers. 100% of those analyzed had inadequacies associated with user activity evaluation, 97.73% of organizations did not conduct user permission reviews, and 91.57% had inadequacies in log collection & analysis.
It is crucial to regularly check user activity to detect anomalous behavior, which can be a sign of an attempted hack or an insider breach. User permission reviews are necessary to identify dormant accounts so that IT teams can deactivate them, and to ensure that user permissions are set correctly. Security information and event management (SIEM) tools should also be employed for log collection and analysis to identify suspicious activity.
CCI recommends that all healthcare companies examine their laptops, by means of a comprehensive risk analysis, to find out if the aforementioned controls have been implemented correctly, whether risks have been reduced to a reasonable and acceptable level, and to make sure that dormant accounts have been deactivated, excessive user permissions have been addressed, and endpoint data loss prevention mechanisms have been put in place.