In October, the Cybersecurity and Infrastructure Security Agency issued a warning that there is an imminent and increased cybercrime threat to U.S. hospitals and healthcare providers. Being just a few months into 2021, it is unfortunate to say that this alert remains just as prevalent.
With the prediction that healthcare will suffer 2-3X more cyberattacks in 2021 than other industries, it is imperative to address the risks associated with maintaining status quo legacy environments.
Many times, when a hospital or health system decides to implement a new health information system (HIS), the older system gets turned to maintenance or “read-only” mode to meet federal and state data retention regulations. However, when applications become obsolete and are maintenance mode, they no longer receive updates, and/or are running on aging hardware as well as operating systems, which all increase vulnerability for a cyberattack.
To reduce the number of access points for cyber criminals, and to protect your organization from being the next victim of a breach or ransomware attack, consider these best practices:
- Separating duties and implementing controls to restrict access to data and applications will greatly reduce the number of folks who have unnecessary privileges to assets and systems.
- Archive data and decommission legacy systems. Many times, legacy systems do not receive vulnerability patches or regular updates due to costs, or the fact that the vendor has stopped supporting the system. It is cheaper in the long run to archive systems than it is to react to a security issue and the ROI can be significant.
- Train employees to keep computers clean and follow secure password and strict email practices
- Log and monitor all logins and usage. Data breaches come from internal and external users. Keeping a log of all activity can help identify inappropriate data access early or before it becomes a larger issue.
- Formulate a detailed security strategy and perform regular risk assessments on all applications to determine vulnerabilities and weak points.
Legacy data archival provides significant benefits to organizations, especially around security. Archival projects consist of aggregating, consolidating, and presenting data in secure platform that can be accessed through the current electronic health system at the point of care. By archiving, it captures the data that, by law, needs to be retained for a given period of time, often 10-30 years, and allows organizations to decommission the legacy systems. This eliminates all maintenance, support, and licensing costs for the system, providing a long-term solution that saves money. Additionally, data stored in archival platforms like ClearView Legacy Archive Solutions receive regular updates and patches to ensure the platform is up to date on the latest security protocols and libraries.
Do you have legacy systems? Ensure the data is protected by investigating legacy archive solutions. To learn more about Trinisys’ ClearView Legacy Archive Solutions, contact us at 877-874-6479 or sales@trinisys.com.