According to a 2018 Thales Security Report, a staggering 77% of US healthcare organizations have been breached at some point in time. And 48% of those breaches have taken place in the last year.

Cybercriminals are targeting healthcare organizations worldwide because their fast-paced environments and large attack surfaces often mean weak links are easy to find and exploit. With valuable private information and health records available, healthcare organizations can be very profitable targets for hackers.

The Healthcare Industry Under Siege

Due to the digitization of health records, the healthcare industry can provide a higher quality of service without increasing costs. As more paper records move to Electronic Health Records (EHRs), hospitals and medical centers can optimize their operational efficiency. There are many benefits to digitizing health records.

• Cost Savings: A University of Michigan study found that digital health records can reduce the cost of patient care by roughly 3 percent compared to using traditional paper records. Medical professionals don’t need to waste time on manual data entry.

• Mobility: Digital records and mobile devices are helping healthcare professionals provide enhanced patient care through alerts and remote assessments. Doctors in different locations can access the most up-to-date patient data.

• Accessibility: EHRs provide patients more access to their health records. They can proactively understand their conditions and consult more frequently with their medical caregivers. Most healthcare providers now offer online access to health records, billing information, and the ability to email doctors directly.

However, with these benefits also come risks when moving data to the digital landscape.

• Hacking: EHRs hold sensitive patient information and are a prime target for hackers. Doctors, patients, medical staff and administrators all access EHRs, providing more entry points for hackers to gain access. With the rise of Internet of Things (IoT) devices for monitoring patients and systems in hospitals and medical centers, hackers have more opportunities to find a vulnerabile entry point.

• Lack of Proper Data Protection: Often hospitals and medical facilities don’t have adequate network firewalls to segment the EHRs and medical data from IoT and guest devices. Next-generation firewalls can create separate networks for guests and IoT devices, minimizing the exposure if a breach were to occur.

• Ransomware: Digital healthcare data has become a part of daily patient care. Doctors and nurses depend on the information to provide proper treatment. Cybercriminals do not necessarily have to steal data in order to wreak havoc on their victims. The UK National Health Service (NHS) was brought to its knees due to the WannaCry ransomware which locked up computing resources.

Here are some recent cybersecurity breaches in the healthcare industry that are of note:

And the list goes on. As a result, the United States Health and Human Services (HHS) department has issued the “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP)” guidelines to help healthcare and public health organizations develop proper cybersecurity measures.

Proactively Protect Your Healthcare Network and Records

Implementing a robust cybersecurity strategy can be overwhelming. Untangle can help your healthcare organization, large or small, work through the intricacies of implementing network security best practices to safeguard your resources without breaking your budget.

Network Segmentation: Untangle’s NG Firewall platform can create separate networks for IoT and guest devices to decrease the possibility of system-wide access. By separating the core internal network that houses all the private data from the public, you can minimize the risk of data theft or ransomware if a breach were to occur.

Security & Control: NG Firewall comes with many security features and applications to provide visibility and control over your network traffic and connected devices. Stay ahead of hackers by protecting your network at the gateway, stopping malware, hacking and phishing attempts before they reach users and devices.

Network Monitoring & Compliance: Reporting is a key aspect for healthcare organizations that must meet and maintain compliance with multiple regulations, including HIPAA. NG Firewall provides 24/7 monitoring of your network and logs all events providing records of any threat or anomaly detected. Alert rules allow IT administrators to get notified immediately if a certain condition is met, allowing them to stay on top of threats, policy breaches, and system statuses.

Untangle provides an all-in-one network security solution for healthcare organizations who require a simple platform at an affordable price. Contact us today to get started.

Additional Resources

Healthcare Solution
Case Studies
Contact Sales

CIPA is critical for schools, particularly those within the kindergarten through 12th grade range. But what, exactly, does CIPA require and how can district administrators ensure that their organization is compliant? Let’s take a look at how technology is changing the face of education and what institutional leaders should know:

Technology increases in the classroom

There’s no question about it: Today’s schools use considerably more advanced learning tools than institutions in the past. According to statistics gathered by PracTutor:

• Tablets are increasingly popular – as well as effective. Just over 80 percent of educators agree that tablets have the ability to enhance classroom learning, and 64 percent of high school seniors noted that access to tablets improves study efforts.
• What’s more, 20 percent of students’ math scores increased after using tablets in the classroom over the course of a year.
• Mobile devices aren’t the only technological assets leveraged. Seventy-two percent of educators prefer to use LCD or DLP projectors, 57 percent have seen success with interactive whiteboards and 49 percent use digital cameras to support classroom learning.
• Overall, 98 percent of schools have at least one computer in each classroom, and 77 percent of teachers utilize online resources to support their curriculums.

CIPA and its importance in schools

As schools continue to leverage online resources and smart devices, the Children’s Internet Protection Act becomes even more crucial.

According to the Federal Communications Commission, CIPA was put into place in 2000 and aimed to safeguard young students from “obscene or harmful content over the internet.” This regulation ensures that schools have the right protection measures in place to control access and support successful learning while blocking inappropriate materials.

In addition to protecting adolescent students, CIPA also offers discounts and benefits under the E-rate program as an incentive for ensuring safe internet usage in educational institutions. Schools and libraries can receive E-rate funding that can be put toward telecommunications services and other technological assets to support districts’ educators and the student body.

CIPA requirements: Compliance checklist

Overall, CIPA is essential for ensuring the protection of students and supporting safe online activity in the classroom. Best of all, schools that comply can reap the added benefit of E-rate funding to bolster their telecommunications.

But what does a district need to comply? Take a look at the checklist below:

• A robust Internet Safety Policy: First and foremost, administrators must establish a policy that prevents access to inappropriate materials online by students under 17. This policy should address not only internet access, but the security of minors using email, chat and other communications. This standard should also include information about unauthorized hacking, disclosure of personal information and the measures used to ensure safety for minors.
• Technological protection measures: A technology solution should also be in place to support the Internet Safety policy, as well as block and filter access to the Internet. This can include a strong firewall and filtering capabilities that prevent access to harmful materials.
• A public meeting or hearing: Once the proposed policy and protection solution have been chosen, administrators must also host a public meeting or hearing to discuss these items with the community.

Compliance with CIPA is essential and benefits not only the well-being of students, but the school district as a whole. More information on CIPA compliance requirements can be found here.

Contact Untangle for more details about protection measures created especially for educational institutions.

State and federal officials confirmed that Illinois’ state voter system had been breached earlier this year. Worse still, the Prairie State wasn’t the only one to fall victim to this kind of attack, showing the need for state governments to be aware of and actively protect against these kinds of threats.

Sensitive voter information exposed

According to an August 2016 report from the Chicago Tribune, the Illinois State Board of Elections confirmed that a hack launched in June on the state’s election system did result in the exposure of individual voters’ information. And while officials believe the attack impacted fewer than 200,000 citizens – a small number considering that more than 3.4 billion people voted during the presidential primaries in March – the attack underscores the threats that state governments face during such a pivotal time.
The Tribune reported that cybercriminals, possibly from a foreign nation, were active within the voter system for a month before their activity was halted. During this time, attackers were potentially able to make off with specific information about certain voters, including the last four digits of Social Security numbers as well as driver’s license numbers. Thankfully, though, the hack did not result in erased or modified voter files, and hackers were unable to access voting history information or capture images containing signatures.

“We say that the system was compromised in this context, that it’s been accessed,” Ken Menzel, elections board general counsel, explained. “We’re very confident nothing was added, deleted or altered.”

The attack, which was launched on June 23, was detected and ceased on July 12 thanks to the efforts of election officials and programmers that leveraged code to prevent unauthorized access to the database containing voter information. As a precautionary measure, the state also eliminated all outside, offline access to the election website, where citizens would go to complete their voter registration applications.

“We’ve been working with the people in the governor’s technology group (the Illinois Department of Innovation and Technology) and they’ve been wonderfully helpful,” Menzel said of the post-breach efforts. “There are also some interstate groups that have banded together for security issues, as well as the FBI and Homeland Security.”

Not the only victim

Around the same time that Illinois officials announced the breach, Reuters reported that the FBI detected a similar attack in Arizona’s voter registration database.

The Arizona attack was more limited and involved introducing malicious software into one state employee’s computer,” Reuters contributors Dustin Volz and Jim Finkle wrote.

In activity parallel to Illinois’ breach response, Arizona officials detected the breach and temporarily shut down the election website so that the threat could be effectively addressed.

A lesson in cybersecurity

These incidents, which experts like David Kennedy of information security company TrustedSec noted could be part of a larger attack, provide a real-life lesson for state governments. Now, more than ever, it’s critical that government networks are adequately protected against unauthorized access and malicious activity.

One of the first – and strongest – lines of defense here is the firewall. State governments and their IT teams need to not only be aware of the threats facing them this election season, but be prepared with the right cybersecurity tools. Having a next-generation firewall in place is an important piece of this puzzle.

Such an asset enforces organizational policies to ensure that only authorized users can access sensitive platforms like voter registration databases. What’s more, a robust firewall helps deliver a high quality of service while guarding against dangerous and malicious software.

To find out more about how a next-generation firewall could help your organization, contact the experts at Untangle today.

According to a recent IDC study, 40 percent of health care providers in the United States continue to see their IT budgets grow. While in previous years, increased IT spending in the health care space could be largely attributed to the need to adopt electronic health records, IDC found that hospitals and other care providers are moving on to invest in more sophisticated forms of technology. Across the board, 18 percent of all new software investments in the health care industry are going toward Software-as-a-Service (SaaS) solutions. Furthermore, nearly a quarter of software spending is being invested in third-party managed hosting services.

Cybersecurity concerns loom as networks expand

As health care providers continue to ramp up investments in their networks, they may encounter new challenges that need to be addressed as soon as possible. Building out hospital systems to make better use of cloud services, the Internet of Things and big data analytics could result in sprawling networks that are difficult to get control over. Some of the most pressing concerns here involve the cybersecurity ramifications that come with expanding networks and adding new endpoints.

With hospitals holding onto a large amount of valuable data including patient information, hackers and other cybercriminals continue to target these facilities. As their networks grow, these data thieves have new avenues to launch attacks, exploit vulnerabilities and gain access to sensitive information. In fact, according to a February 2016 report released by the Ponemon Institute, health care providers encounter cyberattacks nearly once every month. Furthermore, nearly half of the participating hospitals reported losing or exposing patient information due to a cyberattack over the previous 12 months.

“Stories surrounding the breach of hospital and health systems data are unfortunately no longer infrequent occurrences,” said Rod Piechowski, HIMSS senior director of health information systems. “Cybersecurity attacks have the potential to yield disastrous results for healthcare providers and society as a whole. It is imperative that healthcare providers acknowledge the need to address cybersecurity concerns and act accordingly.”

Effective cybersecurity begins with the network

The first step to getting a handle on health care cybersecurity concerns is to bolster network security. This includes employing a next-generation firewall to block incoming malware such as spyware and phishing attempts, as well as identify and inspect all incoming traffic and properly manage user-access controls. In this way, hospitals and other facilities can embrace the latest in health care tech while retaining the peace of mind of knowing that their networks are safeguarded against emerging threats.

With students flocking to classrooms across the country, administrators must ask themselves, “Is the network ready?”

Technology becoming increasingly critical in the classroom

Classroom learning has changed considerably in the past few years. Text and workbooks have been replaced with laptops and tablets, and the chalkboard of yesteryear is more often a whiteboard or smartboard that enables more creative, collaborative learning.
As technological assets like these become increasingly important to daily lesson plans and the overall curriculum, the network that underpins these assets is an even more paramount resource to have in place.

Having technology like this in the classroom comes with numerous benefits, including:

• Better preparing students for life after the bell rings. In most careers, students will have to utilize some type of technology, and it’s best if they are familiar with the usage of these systems.
• Supporting different learning styles. Students who find understanding through visual materials, audio recordings or more kinetic learning can all benefit from technology in the classroom. What’s more, teachers are now able to reach all types of learners through an array of learning materials.
• Access to the most recent information. No more outdated textbooks here – students can now take advantage of the most up-to-date materials possible, including digital textbooks that are continually being updated.

The network architecture: Understanding your needs

Before administrators can take steps to ensure the preparedness of their networks, they must understand how this system works.

Education SuperHighway noted that the typical school district network includes three critical components. Taking a top-down view, the network begins with the internet service provider, who ensures that connectivity is available and students and teachers will be able to access the internet. This internet connection enables the creation of wide area and local area networks. A wide area network is more far-reaching, encompassing connections between different district locations and campuses. A local area network, on the other hand, includes the wired and Wi-Fi connections of a particular school or district office.

Prepping the network for success

In order to make the best use of these resources, it’s important that administrators and IT staff take steps to ensure the network is ready for the influx of users headed its way. EdTech noted that there are a few essential efforts that can be made here, including:

• Testing network functionality to help guarantee that devices will be able to connect and that online content loads and operates correctly.
• Considering how new technology will affect the network ahead of time. For instance, an increase in mobile devices like laptops can significantly affect bandwidth usage.
• Double-checking available network capacity. This will help ensure that each student has the same experience with tech-based programs, and that no one gets kicked off the network in the middle of a lesson.
• Ensuring security. The internet can represent the Wild West in terms of threats, and guaranteeing the safety of students is paramount in every school.

Top-notch network protection: Partner with an expert

Network security is something that must be a top priority within every institution – all the way from early to higher education. What’s more, it’s not just about protecting the students. Your school’s network represents a critical resource that requires its own safeguards as well.

For these reasons, it’s absolutely essential that schools partner with an expert that can help them leverage best-in-class tools to secure their network. Untangle has everything your institution needs to ensure top-notch network protection, and has experience working with an array of different educational organizations.

For more information, check out our case studies and contact Untangle today.

1. Size doesn’t matter

It can be tempting for nonprofits to think that they can fly under the radars of hackers and other cybercriminals. After all, why would hackers target small, not-for-profit organizations when there are bigger fish out there? However, recent reports suggest that nonprofits are just as at risk as any other institution. Take, for instance, the case of the Utah Food Bank, which suffered a breach that resulted in the theft of personal information belonging to more than 10,000 donors.

The reality is, as the Upstate Business Journal noted, that nonprofits are often more at risk due to their small scale of operations. Specifically, they lack the resources and dedicated IT staff often needed to install and maintain security solutions, as well as identify suspicious activity on the network.

2. Breaches are expensive

A single breach can cost any organization a great deal of money, regardless of what sector they operate in. Nonprofits may not have a lot of funds that can be directly stolen by a hacker, but a breach can be costly in other ways. One of the most potent of these is the hit to their reputation and the ensuing fallout. If a charitable organization suffers a breach, and their donors’ sensitive information gets out in the open, people will be less likely to contribute funds to them down the road. This is especially true for organizations that rely on web portals to receive most of their donations. Once that trust is broken, it can be difficult – if not impossible – to restore.

3. Be mindful of compliance issues

In many instances, the cost of a network breach doesn’t end with the loss of donations. Depending on the nature of the affected nonprofit, it may face additional expenditures if it has violated any governmental compliance regulations. For example, the Catholic Health Care Services of the Archdiocese of Philadelphia, along with the U.S. Department of Health and Human Services’ Office for Civil Rights, recently agreed to pay a $650,000 settlement following a data breach. In the aftermath of that breach, it was discovered that officials within both organizations had failed to comply with federal security guidelines established by the Health Insurance Portability and Accountability Act. HIPAA violations are nothing new to the health care industry, but it’s important to recognize that many nonprofits are held to the same standard of network security.

4. Don’t panic

With all of that said, there’s a light at the end of the tunnel for nonprofit organizations when it comes to their network security concerns. By partnering with a reliable and trusted network security provider, nonprofits can ensure their assets are properly safeguarded while keeping things well within their budget. A next-generation firewall, for instance, can defend the network against various types of threats coming in from websites, emails and file downloads. Furthermore, that level of network security enables nonprofit members to use a wide variety of mobile devices and other endpoints on the network without creating additional points of vulnerability.

In particular, K-12 education IT staff should be sure to do the following before school is back in session:

1) Secure additional funding if possible

While E-Rate may be the most popular source of funding out there for cash-strapped schools, it’s far from the only dedicated source of money for network-specific applications. Many states and other public agencies offer similar programs, as do non-profits. Granted, it’s far more ideal to have these funds in place before school ends so they can be used appropriately in summer, but having this additional spend can go a long way toward supporting networking initiatives during July and August.

2) Ensure compliance

Primary and secondary schools have many laws and regulations to abide by, but in an IT sense, none may be as important as CIPA. The Children’s Internet Protection Act details what kinds of content students can and cannot see from a school computer or from a device connected to the network. The summer months are an opportune moment for IT staff to conduct a thorough audit of the network and school-owned machines to make sure that everything is compliant and up to par with the most recent language of the law.

3) Update the wireless networking capabilities

At too many schools, the network was not built with wireless connectivity in mind. This is increasingly problematic, especially as tablets and 1:1 programs become more commonplace. As such, what wireless features and capabilities are in place may not be ideal, especially as it relates to security and compliance concerns. One way to address this challenge is by updating the Wi-Fi connectivity rules so that all mobile devices can only get onto the network through a dedicated VPN. That way, network rules will apply to all mobile hardware no matter where on premises it is located.

4) Repair or replace all broken hardware and malfunctioning software

This one is a no-brainer, but it bears repeating. The time when students are out for the summer is ideal for taking stock of every single thing and making sure it’s totally ready to go and in line with standards. By conducting a thorough review and taking inventory, IT staff can get a sense of what is good to go for the following year, what needs to be repaired and what needs to be replaced wholesale. The earlier this can be done in the summer the better, to ensure that enough time is available to get everything in working order before students and teachers are back.

5) Implement new web filtering rules

As threats to the network evolve, so too should defenses. Web filtering is a key component of ensuring compliance, although what was put in place many months or even years ago may not cut it in 2016 and 2017. The relative quiet of July and August provides IT teams with ample opportunity to look into the effectiveness of the existing web filters and potential new ones to set up to make the network even safer and more robust.

6) Check on the firewalls

Firewalls remain a key tool for keeping malicious traffic off of the network, but legacy network gatekeepers may be doing more harm than good. Old firewalls are often either too weak to keep out the bulk of new threats, or they’re too tight and prevent both students and teachers from effectively accessing testing websites, video content or other web tools. The IT team in a K-12 district should use the time between school years to run a thorough audit of the existing firewalls to see if they’re working well or need to be replaced with a next-generation option.

Summer is time off for students and teachers, but not for IT admins. While school will be back in session in no time, there’s still a lot IT staff can do now to make sure that the network is ready to go once students return.