ASC Focus Nov Dec 2016 Digital Issue

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

FEATURE

Prevention through Education Since ransomware is often spread and delivered through computer user inter- action, such as by clicking a malicious web site or email link or by opening an infected email attachment, Camp- bell says user security training should be high on an ASC’s to-do list. Sanchez says he works to ensure that

his ASC’s staff is educated on cyberse- curity. “Our staff ranges from teenage nurse assistants to senior-aged doctors and nurses, all with different technology experience. Through meetings and train- ing, I try to educate them on the various cyber threats our ASC is facing and how to identify suspicious emails and links.”

Prevention through Technology Every ASC should implement foun- dational

security

If your strategy is just to protect yourself against becoming infected, that strategy will not be effective as cybercriminals will eventually find a way around the protection tools in use today. That is why you must have a strategy for how you will recover once you have been impacted.”

—Steve Campbell, Oppor Infrastructure An effective backup system, he controls, Johnson

advises. This includes firewalls; anti- virus, -malware and -spam software; and web content filtering tools. It is vital for ASCs to keep their security controls current, Campbell says. “Unless they are maintained and upgraded, they will lose their effectiveness.” Sanchez says he is aggressive when it comes to cybersecurity. “I made a rule on our server to block emails that have zip files or files with an .exe extension attached, which are common ways of transmitting malware.” Giles recommends the use of an

intrusion detection system (IDS) to monitor network activity. “You can configure an IDS so that if it detects information like social security num- bers or patient health information trying to go outbound. It will prevent the transmission.”

While these approaches can help

prevent an ASC from falling victim to a ransomware attack, they are not fool- proof, which is why it is essential for an ASC to have a data backup plan, Giles says. “If you do not know what your backup plan is, there is a good chance you do not have a backup plan.”

says, can help minimize downtime in the event of a cyberattack and elim- inate the need to consider paying a ransom. “I probably spend 10–20 percent of my time confirming our backups are occurring properly. I even go so far as to restore a backup to make sure everything works prop- erly. I try to do that at least once every quarter.” Campbell says all ASCs should

have two modes when it comes to data security: defend and recover. “You defend by evaluating your infrastructure to make sure your security tools and processes are up to date and functioning properly. You prioritize education so users know what not to do. You recover by hav- ing solid backup and recovery tools and processes in place that you know work. Then, if any of your defensive efforts fail, you have a solid plan to recover.”

Johnson advises the use of regular

third-party audits to assess an ASC’s vulnerabilities. “No IT department or services company is perfect. An unbiased audit can help detect issues in need of fixing before they lead to bigger problems.”

How to Respond In the event that you are infected with ransomware, Johnson says, your ASC should contact law enforcement, such as a local FBI field office, legal coun- sel and your IT department or provider. Then, Campbell says, you need to

fall back on the precautions you took before you were infected. “Learn about your backup options and what you can restore. Do you have something from the last hour, last day or last week? How much data are you faced with los- ing if you need to restore?” If you decide that paying the ran- som is an option to consider, Camp- bell says, it is sometimes possible to negotiate the price down or extend the length of time you have to pay. He says he hopes, however, that all ASCs take the steps necessary to avoid ever facing such a scenario. “Cybercrime is an arms race and

cybercriminals tend to win,” he says. “If your strategy is just to protect yourself against becoming infected, that strategy will not be effective as cybercriminals will eventually find a way around the protection tools in use today. That is why you must have a strategy for how you will recover once you have been impacted.”

ASC FOCUS NOVEMBER/DECEMBER 2016 15

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34