• My Tweats

    • Flickr Photos

    Endpoint Security Risks in Healthcare

    From Watch Your End:

    The endpoint security risks in healthcare or fairly obvious, however once you start realizing how many people have access to personal records and how easy it is to load this information onto a USB flash drive, CD-ROM, or even a camera or iPod it gets a little scarier. Very few hospitals or health insurance firms for that matter have solid enpdoint security measures in place to protect your data and as more records become digitized in becomes easier to steal. So remember that the next time you go in for your checkup, they’re probably a lot more people viewing your records than just your doctor.

    Attention corporate users of endpoint devices like the handy USB thumb drives – your use of them will be ending soon.

    The year 2007 will see widespread deployment of Endpoint Security measures. I am in the startup stages of one such project for a financial firm. It will be bittersweet, because I love my 1gig USB thumb drive. Bad guys love them too. 😦

    Update: I corrected a mistake with formatting. The second to last paragraph was mine, not that of the linked-to author.

    4 Responses

    1. so why not train your physical security on equipment that scans the devices ?
      yes yes, more money….

      but I am thinking of a credit card swiper size device with all port types plus expandablilty for future interface types. Scan mp3s to make sure they are mp3s, ipod format for ipod format jpeg for jpeg?

      next is paying employees what they are truely worth in order to give them one less reason to steal. if I read it correctly, people in financial difficulties are not given security clearance because they could be blackmailed into stealing the information. In a similar vein, if I pay you enough to put up with the crap at work and cover your jobs worth then I will have less to worry about you stealing from me.

      -just a stream of consciousness from a disgruntled employee who has too much “Catholic guilt” 🙂

    2. There is some software out there for endpoint security that is fairly cheap.

      The downside comes in loss of connivance. It is handy to just insert a USB drive.

      Because the bad guys can do really bad (big cost to the target company) things with the functionality, you have to restrict it.

      An organization should adopt a least privilege policy, and by default allow no external USB devices to be attached to company assets, except for those explicitly approved for by policy or by thorough review process (case by case bases). The management of these access profiles will cost some time and money and be perceived as annoying by internal users.

      I am just thinking out loud here, but the technical solution, should:

      – Block as default all access

      – Allow some types of known IT approved devices such as (keyboard/mice)

      – Block the writing ability of CD and DVD drives except for those who require it

      – Block by default USB drives from writing

      – Allow certain Company supplied and approved USB devices using encryption technology to specified people only

    3. so are you trying to prevent this from being used ?

      http://www.mojopac.com/portal/content/hellomojo.jsp

    4. Yes, things like Mojopac are what I am trying to block. Or slurping software for iPods. Things like that.

      The blog “Watch Your End” has a nice ongoing coverage of endpoint devices risks: http://www.watchyourend.com

    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out /  Change )

    Google photo

    You are commenting using your Google account. Log Out /  Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out /  Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out /  Change )

    Connecting to %s

    %d bloggers like this: