5 critical components in protecting servers from breaches
Servers appear to be the Achilles heel of healthcare organizations’ data protection efforts. About 54 percent of all individuals affected by an information breach of a healthcare organization were impacted by a breach involving that organization’s server, according to data on the breach portal of the Department of Health and Human Services’ Office for Civil Rights covering security incidents from June 1, 2018, to May 31, 2019. A report this summer from Clearwater’s CyberIntelligence Institute says that, in the previous 12 months, 90 healthcare breaches affecting more than 9 million individuals were related to servers in some way.

It’s no wonder that servers are hackers’ prime target—they are a central repository of data and critical programs that are shared by users at healthcare organizations. Clearwater analyzed critical and high risk factors facing hospitals and health systems for a six-month period and found that servers topped the list of information system components responsible for these risks—in fact, 62.83 percent of all critical and high risks were a result of some inadequately addressed security vulnerability in servers. That far outstrips security risks posed by Software as a Service (SaaS), 17.06 percent; desktops or laptops, 10.5 percent; or all other risks, 9.07 percent.

Clearwater’s research found two key server vulnerabilities, and three important actions for organizations that want to fill these gaps.
Vulnerability 1: Dormant accounts
This security weakness occurs when the accounts of users who no longer require access to an application, device or system—usually because of leaving an organization or a job change—are not removed promptly. Dormant accounts can be conduits enabling unauthorized users to access data with little fear of detection, Clearwater contends.

Information security executives can prevent risks posed by dormant accounts by using security controls that disable accounts when a change in employee status occurs. Periodic reviews also can identify dormant accounts or their unauthorized use.
Vulnerability 2: Excessive user permissions
The risk of unauthorized access rises when information system users are granted more access or more system rights than the job they perform requires. This also violates the HIPAA Privacy Rule’s principle of Least Privilege. “Users with more system permissions than they require can inadvertently or intentionally access, change or delete sensitive records in an unauthorized manner,” the Clearwater report contends.

To prevent this type of vulnerability, “periodic reviews of user permissions by the appropriate system owner or manager can reveal users whose system permissions exceed what they require,” the Clearwater document notes.
Critical prevention step 1: User activity review
Manual reviews of system activity logs can be tedious, but the use of “log analyzer” software can automatically aggregate and analyze activity logs. These applications can detect anomalies, such as large numbers of records viewed, changed or deleted by a single user. But to correlate events occurring across multiple systems, security incident and event management (SIEM) software can more readily identify potential malicious activity caused by multiple system weaknesses, Clearwater contends. For example, by correlating network logs with application logs, “a security analysis program might show that an unusually high number of unauthorized record views had successfully logged into the application remotely from China.”
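The single-user volume anomaly described above can be checked with a short script. This is an added example, not code from the Clearwater report; the log layout, user names and thresholds are assumptions, and the sample log is constructed.

```python
import csv
import io
import statistics
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed application audit log: timestamp,user,action,record_id."""
    rows = ["timestamp,user,action,record_id"]
    volumes = (("asmith", 12), ("bjones", 9), ("clee", 14), ("dpatel", 11), ("ekim", 240))
    for user, views in volumes:
        for i in range(views):
            rows.append(f"2019-05-14T09:{i % 60:02d}:00,{user},VIEW,MRN{i:05d}")
    rows.append("2019-05-14T10:00:00,bjones,DELETE,MRN00003")
    return "\n".join(rows)

def count_actions(log_text):
    """Aggregate events into counts per (day, user, action)."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        counts[(row["timestamp"][:10], row["user"], row["action"])] += 1
    return counts

def flag_outliers(counts, k=5.0, min_events=20):
    """Flag users whose daily count for an action is far above their peers.

    A count is flagged when it exceeds median + k * MAD of all users for the
    same day and action. The median and MAD are used instead of mean and
    standard deviation so that one heavy user cannot hide by inflating the
    baseline. min_events suppresses noise on rarely used actions.
    """
    by_group = defaultdict(dict)
    for (day, user, action), n in counts.items():
        by_group[(day, action)][user] = n
    flagged = []
    for (day, action), per_user in by_group.items():
        values = list(per_user.values())
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values) or 1.0
        for user, n in per_user.items():
            if n >= min_events and n > med + k * mad:
                flagged.append((day, user, action, n))
    return sorted(flagged)

if __name__ == "__main__":
    for finding in flag_outliers(count_actions(build_sample_log())):
        print(finding)
```

Peer groups are more meaningful when users are compared within the same job role, since a records clerk and a physician have very different normal volumes.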
Critical prevention step 2: User account management
User account management entails automated coordination of user account access with systems that maintain user “position” (such as vice president, manager, line employee and the like) and “status” (such as employed, formerly employed, retired and more). Often, coordination is achieved through the use of identity access management systems that tie Active Directory access and group membership to human resource or payroll applications. “However, organizations that have their own programming staff have also been known to write their own PowerShell scripts to achieve the same functionality that many identity access management programs provide,” Clearwater notes. However, changes in employee positions and status must be recorded promptly for these efforts to succeed.
Critical prevention step 3: User permission review
When organizations don’t use identity access management programs, manual reviews of user system permissions are critical. The number of system users and the frequency of user turnover typically dictate the frequency of such reviews, Clearwater indicates. “However, for those systems with 100 or more users, user permission reviews conducted at least quarterly are recommended,” its report suggests. “Where system access is also granted to students, a review of system permissions immediately after the end of a term or semester is also highly advisable.”
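The account management and permission review steps above both reduce to reconciling directory accounts against HR status and position. This is an added example, not code from the Clearwater report; the field names, group names, per-position baseline and 90-day dormancy window are assumptions, and all data is constructed.

```python
from datetime import date

HR = {  # employee_id -> (status, position), as exported from HR or payroll
    "1001": ("employed", "nurse"),
    "1002": ("formerly employed", "nurse"),
    "1003": ("employed", "billing clerk"),
    "1004": ("retired", "manager"),
}
BASELINE = {  # position -> groups the job actually requires
    "nurse": {"ehr-read", "ehr-write"},
    "billing clerk": {"billing-read"},
    "manager": {"ehr-read", "reports"},
}
ACCOUNTS = [  # as exported from the directory
    {"user": "anurse", "emp": "1001", "enabled": True, "last_logon": date(2019, 5, 30), "groups": {"ehr-read", "ehr-write"}},
    {"user": "bnurse", "emp": "1002", "enabled": True, "last_logon": date(2019, 5, 2), "groups": {"ehr-read"}},
    {"user": "cclerk", "emp": "1003", "enabled": True, "last_logon": date(2019, 1, 10), "groups": {"billing-read", "ehr-write", "server-admin"}},
    {"user": "dmgr", "emp": "1004", "enabled": False, "last_logon": date(2018, 12, 1), "groups": {"reports"}},
    {"user": "svc-old", "emp": None, "enabled": True, "last_logon": date(2018, 6, 1), "groups": {"server-admin"}},
]

def review_accounts(accounts, hr, baseline, today, dormant_days=90):
    """Return (user, finding, detail) tuples for accounts that need action."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing left to review
        status, position = hr.get(acct["emp"], (None, None))
        if status is None:
            findings.append((acct["user"], "no-hr-record", "enabled account has no matching HR record"))
        elif status != "employed":
            # Status change was recorded in HR but the account is still live.
            findings.append((acct["user"], "disable", f"HR status is '{status}'"))
            continue
        idle = (today - acct["last_logon"]).days
        if idle > dormant_days:
            findings.append((acct["user"], "dormant", f"no logon for {idle} days"))
        excess = acct["groups"] - baseline.get(position, set())
        if status == "employed" and excess:
            findings.append((acct["user"], "excess-permissions", ", ".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for finding in review_accounts(ACCOUNTS, HR, BASELINE, today=date(2019, 5, 31)):
        print(finding)
```

The output is a review list for the system owner rather than an automatic action, and it is only as current as the HR export it reads.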
For more information
More information on the Clearwater CyberIntelligence Report on server vulnerabilities can be found here.