Independent Practitioner Today: Bug Warning
|
|
Bug Warning Article in Independent Practitioner Today Magazine February 2009
|
Watch Out for Winter Viruses!
Computer viruses are more sophisticated than ever before – and private practices make an ideal target. Jaillan Yehia explains.
The potent combination of the economic downturn and continued growth in online transactions has led to more computer virus attacks than ever before. For private healthcare businesses holding potentially lucrative patient data, this means understanding the viruses, and reinforcing your guard against them.
Computer viruses are no longer the work of amateurs intent merely on wreaking havoc; today’s viruses are a multi-billion dollar industry, designed to cash in by gaining access to and selling on fraudulently acquired data.
These viruses, just like their human counterparts, are now intelligent enough to mutate and vary themselves in order to gain momentum and spread.
They are infinitely more subtle than previous incarnations and have a sinister and highly orchestrated agenda. Today’s virus sits silently and undetected in your computer, siphoning off important information, such as patient names, dates of birth, credit card details and passwords.
The virus may carry a payload that can use your PC to carry out illegal activities without your knowledge – whether it be hosting illegal pornography or unleashing spamming campaigns from your machine - activities that could land you in hot water while allowing the real culprit to escape detection.
Currently, hackers need just an IP address (your address on the internet) in order to attempt to hack into your machine. These can easily be obtained from a variety of sources and many hackers will speculatively attempt to guess IP addresses belonging to those with valuable data, such as private surgeons or GPs, who may have vulnerabilities in their security.
There are two types of hackers who may be targeting your practice: one will have a specific plan in mind – perhaps to gain access to your patient data and sell it on to an organised gang (hackers don’t tend to use stolen data themselves) who will then set about using that data for fraudulent purposes.
The second type of hacker is speculative - randomly attacking as many networks as possible until they find an open door. If you don’t adhere to the security measures set out below, your practice door may as well be wide open.
The way in which you are exposed to computer viruses, as with human viruses, is via contact with the outside world. In a private practice the key methods of contracting a virus are: email, the practice’s own website, visiting other websites, USB Sticks, and downloading software.
Prevention is better than cure – here’s how to stay virus-free:
1) Always have Microsoft Windows Updates running on each machine at the practice - these enable security patches to be administered to every computer in the event of a security problem. Without these you are wide open to viruses.
2) Use your central server to set all security policies on all machines. This prevents any member of staff from turning off Windows Updates or otherwise leaving you vulnerable.
3) Install anti-virus software on your email server to prevent viruses at source.
4) Install anti-virus software on all computers in case a virus slips through the net.
5) Use MessageLabs, a well-respected service which filters spam and guarantees to weed out all viruses without losing genuine emails.
6) Never allow USB sticks to be plugged into your practice computers - you have no way of knowing whether they contain a potentially fatal virus.
7) Use a router with a built-in firewall.
However, the weakest link in any computer security chain is you: the human being operating the machine. Computers have highly sophisticated security defences which automatically close and bolt most doors to your data - so remember: the best bet for a would-be hacker attempting to get a virus onto your machine is to convince you to open one of those doors.
___________________________________________________________________________
Jaillan Yehia works for Med+DBase Online Practice Management
www.meddbase.com / Tel: 0870 77 77 500