An unfortunate reality of practicing medicine in the Internet age is the constant threat of cyber attacks. One of CareCloud’s technology platform partners, CardConnect, recently published an article about the topic of vulnerability management for healthcare providers. This blog post was based on a recent interview by CardConnect’s Chief Security Officer Rush Taggart with HealthData Management, and we’re glad to republish it here for Continuum readers.
First, let’s go over exactly what vulnerability management is. It’s the practice of researching and understanding an organization’s vulnerabilities and then developing plans to mitigate them, so that the impacts of potential data breaches are minimized or even prevented.
In his article, Rush breaks down five important steps to consider in order to effectively practice vulnerability management.
1. Patch, patch, patch.
Don’t make the mistake Equifax did last year – make sure your company is paying attention to patches that need deploying in order to fill vulnerable gaps that may be present in your systems.
2. Control access.
Be careful about who you give access to important data, and make sure it’s given only to those who really need it.
3. Beware the phish.
Make sure you and your team know how to identify potential phishing campaigns that can take down your network with the click of one button.
4. Limit accessible data.
Get rid of the data you no longer use that’s just sitting on your system, so you can reduce the size of your target for hackers.
5. Monitor traffic constantly.
Monitor your network every single day so you don’t make the mistake of going weeks or even months with undetected malware wrecking your system.
As Rush points out in his article, the bottom line is that putting time and resources into vulnerability management upfront can protect you from the potentially irreversible impacts of a breach. For healthcare providers, there’s an obligation to protect patient data, and it begins with taking vulnerability management seriously.
If you’re interested, you can check out the full article from HealthData Management here.
About the author
Rush Taggart serves as Chief Security Officer of CardConnect, a payment processing and technology solutions provider. CardConnect’s payment gateway and security offerings were primarily built by Taggart during his time at Princeton Payment Solutions, acquired by CardConnect in 2012. Taggart rebuilt the existing Payware and CardSecure C++ applications into Java, adding significant user functionality as well as platform portability. In 2014, CardConnect was awarded two patents related to payment security that were a direct result of Taggart’s work. Recently, Taggart developed a retail terminal solution for CardConnect’s SMB customers, providing a PCI-validated P2PE solution that is also EMV-ready.