Attackers target organizations that utilize remote access applications.
Do employees at your office like to work from home? Does the doctor regularly access patient data from somewhere other than your office? Do you use a third party for IT support or billing?
They probably use a remote access application (like GoToMyPC, LogMeIn, or RemotePC) to gain admittance to your patient database from elsewhere.
That’s great for productivity, but often bad for security.
Attackers target organizations that utilize remote access applications. If a remote access application is vulnerable, it allows them to completely bypass firewalls and gain direct access to office and patient data.
The main problem with remote access is not the tool itself, but how it is configured. When only a username and password are required, an attacker need only break a single level of security, and there is a plethora of online tools available to help him.
Once he’s gained network access, the attacker essentially has the keys to the kingdom, and is free to install malware designed to harvest patient data and export it to his system.
Remote access can be secure, as long as it uses strong encryption and requires two independent methods of authentication (called two-factor authentication). Be sure to enable and force strong or high encryption in your remote access configuration.
In addition to entering a username and password, two-factor authentication requires an additional step, such as physically calling an onsite office manager to be granted remote system access.
To stay secure, ensure the remote access tool your staff uses has two-factor authentication and strong encryption.