Why Going To CNN Can Compromise Your Patient Data

I got the call from Dr. Wilson. He told me he thought he had a virus on his computer. After some quick diagnostics we confirmed that he had some malware on his computer. Malware is short for MALicious SoftWARE, and it's designed for a purpose. Either some kid who has something to prove or a real thief who is looking to take something decided to create this mess. Just think if they decided to put that brain power to good use and help others! In this case, it was a real thief and the victim was an unsuspecting DC. But what happened? He said the only place that he went was to CNN. Ahh, that explains it.

As shocking as this might sound, it's true! Inherently, the site is not a problem, but if you have ever gone to the popular news sites you will see that there are advertisements on them. These advertisements are served up by third-party vendors that aggregate the ads and send them to the various news sites. While CNN may have great protection in their network from thieves, they effectively have a built-in tunnel for a Trojan horse. All a hacker has to do is infect one of the ads on the third-party host and that's it. It's sort of like locking your door but leaving the window open.

You don’t even have to click on the advertisement to get the infection.  It simply has to appear on your screen.   The worst part of all of this is that once you are infected, that malware could be stealing patient data and sending it to the thieves.  But it can be prevented.

According to Avast, a manufacturer of antivirus software, major ad networks affiliated with Yahoo, Fox and Google have been distributing "poisoned ads" containing malicious code. The so-called JS:Prontexi attack uses JavaScript that can open the door to malware attacks and zero-day exploits, all without clicking on anything. To boil down the terminology, a zero-day exploit is one that no antivirus software can catch because it's so brand new that it isn't in a database yet. (A good firewall and protection strategy can minimize vulnerability to a zero-day attack, though.)

Here are 3 ways to ensure you don’t become a victim to the fraud.  Proper protection is about strategy as no single component or software is good enough to properly protect your office network:

1)      ANTIVIRUS/ANTIMALWARE – Make sure you have CURRENT antivirus software on your computer and make sure that software has a good antimalware component. I could get into a lengthy discussion as to which software is the best, but right now, it's important to have SOMETHING on there. Be careful, as many of the free packages are neutered and in most cases it's not legal to use them in a business environment. For antivirus software to be effective, it needs to auto-update and be monitored. It's no good to have it go out of date and not know about it. Plus, HIPAA requires monitoring to know if there is an attack or not. This is equivalent to why you use the subluxation station. It measures and monitors what's really going on to help you effectively treat your patients.

2)      MANAGED FIREWALL – The home-grade $69 routers you buy at Best Buy are not good enough to protect your office. A good firewall contains a component called a UTM (Unified Threat Management). This has databases of known threats and proactively looks for attacks from viruses and hackers. One of the best features of a UTM firewall is that it will have advertisement blocking functionality. This helps prevent issues like the subject of this article. It also contains antivirus software at the firewall level in addition to intrusion detection/prevention systems. Good firewalls also have content protection to keep your employees from accidentally (or otherwise) going to bad sites. If you want, you can even restrict them from browsing Facebook during business hours, etc. They also log traffic as required by HIPAA in the event of an attack.

3)      WORKSTATION MANAGEMENT – As you browse different places on the web, or just plain old use your computer, it gets slower and slower. This happens because temporary files and junk clog up your computer. Just like your car, and maybe even more so, your computer needs regular maintenance and monitoring. Today's cars have monitoring to let you know when your tail light is out because, I don't know about you, but I don't routinely hang out the window that far! Why don't you have that on your computer? One of the MOST IMPORTANT items to stay on top of is patches. Microsoft and most of the programs you use on your computer (Java, Flash, Adobe PDF Reader, even ChiroTouch) release regular updates. Many of them are for important security reasons. In fact, HIPAA considers this so important that it requires you to keep patches up to date AND MONITOR them. Keeping the computers clean and working well also keeps your CAs happy and productive as a bonus.
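The third-party ad delivery described earlier, and the ad blocking mentioned under item 2, can be checked against a saved copy of any page. The following is an added example, not part of the original article: it lists the hosts outside the site's own domain that supply scripts or frames, and marks which ones a domain blocklist would stop. All hostnames, the blocklist entry and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull in script or framed documents, and the attribute holding the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class ActiveContentParser(HTMLParser):
    """Collects the hosts a page loads active content from."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolve relative and scheme-relative (//host/path) URLs.
            host = urlsplit(urljoin(self.page_url, value)).hostname
            if host:
                self.hosts.add(host)

def audit(html, page_url, first_party, blocklist):
    """Map each third-party host to 'blocked' or 'allowed' under the blocklist."""
    parser = ActiveContentParser(page_url)
    parser.feed(html)
    report = {}
    for host in sorted(parser.hosts):
        if in_domain(host, first_party):
            continue  # the site's own servers are not third parties
        listed = any(in_domain(host, d) for d in blocklist)
        report[host] = "blocked" if listed else "allowed"
    return report

# Constructed sample page and blocklist (hypothetical hosts, not real ad networks).
SAMPLE_HTML = """
<script src="/static/site.js"></script>
<script src="//cdn.news.example/lib.js"></script>
<script src="https://tags.adnetwork.example/loader.js"></script>
<iframe src="https://serve.adnetwork.example/slot?id=1"></iframe>
<iframe src="https://video.partner.example/embed/42"></iframe>
<img src="https://img.adnetwork.example/pixel.gif">
"""
SAMPLE_BLOCKLIST = {"adnetwork.example"}

if __name__ == "__main__":
    print(audit(SAMPLE_HTML, "https://www.news.example/", "news.example", SAMPLE_BLOCKLIST))
```

Any host reported as "allowed" is a third party whose content still reaches the browser, which is why the blocklist is only one layer alongside antivirus and patching.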

While recent tragic events in the Boston area prove that this society has dangers, the risks and dangers that are present in a Chiropractor's computer network can destroy your practice if not properly mitigated. Yes, going to CNN can literally close down your practice if you don't have the proper protections. I don't write this to scare you into not using technology. I would rather you use technology to grow your practice, but as with anything, education and proper risk mitigation are paramount. We offer a free initial consultation to educate you on things like the insurance you MUST have in place, but almost NO Chiropractors do, to properly protect your office from a network security breach.

If you want a partner to come alongside you and just take care of all this for you so you can focus on healing your patients, that's where we excel. We have a complete package to do all three of these things for you and give you access to our team for less than $.42/hour. Try hiring someone at that rate.

Click the FEEDBACK button on the right and reach out to learn the things you need to put in place to protect your practice.
