Why You Need Both a Hardware and Software Firewall

How do you block access to your systems (and sensitive data) from hackers in the outside world?


How do you block access to your systems (and sensitive data) from hackers in the outside world? The easiest way is through a firewall. So, how does a firewall work? Computer firewalls block bad guys from intruding into your private systems, while still allowing you to access the Internet and communicate with the outside world.

Learn more about firewall basics here: How Does a Firewall Protect a Business?

So how does this apply to healthcare? Every organization that deals with sensitive information (such as credit cards, patient health data, or government records) should have both a hardware and software firewall to protect them from attackers.

So what exactly does a firewall do?

A software firewall regulates data traffic through two things: port numbers, and applications. Depending on your firewall settings, your firewall could stop programs from accessing the Internet, and/or block incoming or outgoing access via ports.

See also: Understanding the HIPAA Application of Firewalls

For example, Port 80 is the standard port for web (HTTP) traffic. Leaving outgoing Port 80 open is OK, because that is what allows you to browse the Internet. Leaving incoming Port 80 open is a different story. If it’s left open, anybody could access your network through Port 80.
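
The port-and-direction logic described above, as an added example (not from the original article): a minimal Python model of a host firewall that uses first-match rules and blocks anything unmatched. The rule sets, the 192.168.10.0/24 office range, the sample addresses and the function names are constructed for illustration; reply traffic for allowed outgoing connections is assumed to be handled by connection tracking and is not modeled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    direction: str  # "in" or "out", relative to the protected device
    port: int       # destination TCP port
    remote: str     # CIDR of the other end ("0.0.0.0/0" means anyone)
    action: str     # "allow" or "block"


# Constructed "weak" policy: incoming Port 80 is open to the whole Internet.
WEAK = [
    Rule("out", 80, "0.0.0.0/0", "allow"),
    Rule("in", 80, "0.0.0.0/0", "allow"),
]

# Constructed "hardened" policy: browsing out is allowed, incoming Port 80
# is limited to a hypothetical office LAN, everything else is blocked.
HARDENED = [
    Rule("out", 80, "0.0.0.0/0", "allow"),
    Rule("out", 443, "0.0.0.0/0", "allow"),
    Rule("in", 80, "192.168.10.0/24", "allow"),
]


def decide(rules, direction, port, remote_ip):
    """First matching rule wins; unmatched traffic is blocked (default deny)."""
    for rule in rules:
        if (rule.direction == direction and rule.port == port
                and ip_address(remote_ip) in ip_network(rule.remote)):
            return rule.action
    return "block"


def audit_inbound(rules):
    """Return incoming allow rules that accept connections from any address."""
    return [r for r in rules
            if r.direction == "in" and r.action == "allow"
            and ip_network(r.remote).prefixlen == 0]


if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "incoming 80 from 203.0.113.7:",
              decide(policy, "in", 80, "203.0.113.7"))
        print(name, "rules open to anyone:", audit_inbound(policy))
```
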

One downside to a software-only firewall is that you have to train and maintain the software to recognize threats. As you add or update programs, your firewall will block them until you tell it not to. Additionally, it only protects the device it is installed on. That’s what it does by design.

For a firewall to be effective, you must have enough knowledge to know which programs and applications to allow, and which ones not to allow.

See also: How to Configure a Firewall in 5 Steps

But software firewalls are only half your defense. All networks (whether small or large) need a physical hardware firewall.

A physical hardware firewall is placed between your office network and the Internet and guest wireless (if you have one). We often call this a ‘perimeter firewall’ because it is protecting our network and systems at the perimeter of the outside world. It not only adds a layer of protection to our workstations, it also protects network devices such as printers, medical equipment, and telephone systems which often don’t have a software firewall available on them.

See also: Get Started with HITRUST

Why both a hardware and software firewall?

The difference between a hardware and a software firewall is this: A hardware firewall protects you from the outside world, and a software firewall protects a specific device from other internal systems.

For example, if someone tries to access your systems from the outside, your physical firewall will block them. But if you accidentally click on a virus-laden email that’s already managed to get into your system, your software firewall on the other computers in your office network may stop it from infecting them.

See also: PCI Compliant Firewalls: 5 Things You’re Doing Wrong

Don’t be a hero

Even if you have both a hardware and software firewall, they may be useless unless you have the right people monitoring and managing them.

We’ve all heard about the Target breach of over 40 million credit cards. Did you know Target IT staff received firewall alerts 5 days and then again 3 days BEFORE any data was stolen? These alerts were ignored, which allowed the bad guys to continue the attack.

It does no good if you don’t have the technical expertise to work with firewall rules, understand them, and react to the alerts generated. Contract with an IT professional to help you set up and maintain this crucial portion of your healthcare security.

See also: HIPAA Vulnerability Scanning 101
