File sharing, instant messaging applications jeopardize
healthcare efforts to comply with privacy and security laws
New Palisade Systems report warns of dangers from uncontrolled P2P
AMES, Ia. (May 28, 2002) -- Hospitals and healthcare organizations are
working to meet the security and privacy regulations of the Health
Insurance Portability and Accountability Act of 1996 (HIPAA). However, a
report issued today by Palisade Systems and the HIPAA Academy found that
these organizations may put their efforts at risk by allowing peer-to-peer
(P2P) and instant messenger (IM) applications to run on their networks.
The report concludes that by failing to control P2P and instant messaging,
hospitals and other healthcare organizations risk compromising patient
health information and increasing their exposure to lawsuits.
“P2P applications open up a healthcare organization’s network to the
outside world,” said Mark Glowacki, HIPAA Compliance Manager of the HIPAA
Academy. “Applications like P2P and IM allow employees to communicate and
share files covertly with outside parties. Because these applications can
run without being detected by conventional security appliances like
firewalls, security violations are only discovered after the fact. With
instant messaging, undocumented communications regarding a patient may
occur without the healthcare organization’s knowledge, leading to an
unintentional breach of HIPAA’s access requirements.”
In addition to undetected file sharing, P2P and IM can open up an
organization to security threats targeted at these applications like
viruses, worms, and spyware. Several P2P applications include spyware as a
standard part of the installation, which may allow for unauthorized
collection and distribution of confidential information. Free instant
messaging applications can allow a hacker to take over the user’s computer
through security vulnerabilities that have not been fixed with an
additional download from the software’s creator. IM applications are also
prone to worms and viruses specifically designed to attack these programs.
“No organization with P2P or uncontrolled IM programs running on its
network can be HIPAA compliant,” said Doug Jacobson, Palisade Systems’
president and chief technology officer. “The applications open up too many
security holes, and companies discover them too late. In the Fall of 2002,
a Colorado city government learned the types of exposures they faced after
an individual downloaded police passwords and other sensitive city
information. The files were taken from the hard drive of the city’s
network administrators. Hospitals running these applications will be
confronting the same potential reality.”
The full report is available for download from the Palisade Systems Web
site at www.palisadesys.com.
About Palisade Systems, Inc.
Palisade Systems, Inc. helps organizations manage and protect critical
network assets against a variety of threats from benign utilization issues
to malicious attacks. The company’s appliances offer easy-to-implement,
proactive approaches to control network level access, filter Internet and
application access, and provide “decoy” style intrusion detection. The
cornerstone of Palisade’s offering is its new FireBlock appliance, which
addresses the single largest source of risk for security incidents on an
internal network today – virtually ubiquitous network-level access to all
internal network systems and devices. Since its founding in 1996, the
company’s products have been installed in hundreds of businesses, schools,
and universities across the country. For more information, please contact
Palisade at 2625 N. Loop Dr. Ste. 2120 Ames, Ia., 50010, USA Phone
515-296-6500, Fax 515-296-5335,
www.palisadesys.com or
sales@palisadesys.com.
About HIPAA Academy
HIPAA Academy is a nationally recognized firm that delivers solutions to
assist organizations with their HIPAA initiatives. This includes the areas
of HIPAA Professional Services, HIPAA Assessment, Interim HIPAA Compliance
Officer and HIPAA Training and Certification. The HIPAA Academy
Certification Program is about developing and validating HIPAA knowledge.
The training is designed to deliver the skills required for certified
HIPAA Professionals, Security Specialists and Administrators to be
effective members of enterprise HIPAA implementation initiatives. For more
information, please contact HIPAA Academy at 877-899-9974 x21 or visit
www.HIPAAacademy.net.