HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Protect Hospital Computers from Malware

Protect Hospital Computers from Malware

What is Malware?

Before explaining how to protect hospital computers from malware, it is advisable to resolve any confusion about what “malware” actually is. Malware is an abbreviation of “malicious software” – a term used to describe any hostile or intrusive software that disrupts computer operations, gains administrator access to computer systems, gathers sensitive information about the computer user or displays unwanted advertising.

Legally described as a “computer contaminant”, malware is an umbrella term for computer viruses, adware, spyware, ransomware, worms and trojans – trojans typically being disguised as, or embedded in, non-malicious software. Malware is often detected by security software once it has been installed. However, by the time the computer contaminant is discovered, it is often too late and the consequences of failing to protect hospital computers from malware have already begun to manifest.

What Are the Risks to Hospital Computers from Malware?

The risks to hospital computers from malware vary according to the type of malware it is and its level of malicious intent. Surveillance malware such as adware and spyware tend to monitor a computer user´s activities with the intention of directing them towards specific advertising or recording their key strokes. Malicious adware can been used to direct computer users to online advertisements containing further malware, while certain types of spyware can record usernames and passwords so that hackers can use this information to break into patient databases and extract PHI.

By comparison, ransomware is a type of malware usually covertly installed via a trojan that encrypts files on the computer´s hard drive so that the computer´s operating system cannot read them – effectively making the computer unusable and the data inaccessible. Unless the hard drive has been recently backed up (so that the files and data can be restored), the only way to recover from a ransomware attack is to pay a ransom for the decryption key. For an individual computer user, the ransom is not likely to be a great deal. For a healthcare organization, the ransom demand could be millions of dollars.

How to Protect Hospital Computers from Adware and Spyware

The best way to protect hospital computers from adware and spyware is by restricting user access to websites known to contain malware, or those most likely to – typically websites whose content contains pornography, pharmaceutical products or free software. This is most effectively achieved with an Internet content filter that relies on blacklists, category filters and keyword filters to control what websites Internet users can visit.

Internet content filters protect hospital computers from adware and spyware by comparing each request to visit a website against the filtering mechanisms to determine whether the request should be allowed or denied. Most service providers automatically update their blacklist and category filters to include the most recently-reported malware, while system administrators can fine tune the filtering parameters via the keyword filters to restrict access to websites that the healthcare organization may not wish their employees to visit – such as non-work related video streaming sites.

How to Protect Hospital Computers from Ransomware

Although ransomware is typically disguised as, or embedded into, non-malicious software, Internet content filters can help protect hospital computers from ransomware attacks by being configured to block the download of certain files types, programs, applications and scripts. It may be inconvenient to block the downloading of all .exe and .pdf files, but less inconvenient – and potentially less expensive – than resolving a ransomware attack.

Ideally, Internet content filters should have SSL inspection. This feature helps protect hospital computers from ransomware embedded into encrypted web pages (those having an https:// prefix). Unfortunately, an SSL certificate is no longer a guarantee of online security. Many web pages with an https:// prefix have been identified as having vulnerabilities that could be exploited by a hacker to install ransomware.

Get Advice on How to Protect Hospital Computers from Malware from TitanHQ

TitanHQ is a leading software developer with a portfolio of security solutions suitable for the healthcare industry. Since 1999, the company has been providing advice on how to protect hospital computers from malware and helping healthcare organizations mitigate the risk of web-borne attacks with a range of Internet content filters that can be deployed as a virtual appliance or in the cloud.

To get free advice about how to protect hospital computers from malware, you are invited to contact TitanHQ and speak with one of their sales engineers. After discussing the nature of your organization, its size and the security measures already in place, you will be invited to test-run the most appropriate solution for mitigating the risk of web-borne threats free for thirty days – giving your organization the opportunity to evaluate how well an Internet content filter helps protect hospital computers from malware.