Conference Coverage

HIMSS 2016 conference coverage and analysis

Reporting and analysis from IT events
Q
Manage Learn to apply best practices and optimize your operations.

How to prevent healthcare cybersecurity vulnerabilities via USB

USBs can create a vulnerable entry point for cyberattacks in healthcare. One CIO details the nuances of the problem and offers up possible solutions.

LAS VEGAS -- Hospitals, health systems, and their CIOs are on full alert when it comes to healthcare cybersecurity vulnerabilities. All are trying to identify possible weak points in their organizations and make sure to monitor and secure them. One possible entry point for attackers are Universal Serial Buses, or USBs, David Higginson, executive vice president, chief administrative officer and CIO at Phoenix Children's Hospital, told SearchHealthIT at HIMSS 2016. Higginson details the complicated nuances USBs pose to healthcare organizations and offers up advice on what can be done to fortify against healthcare cybersecurity vulnerabilities via USBs.

David Higginson: USB ports are a nightmare for us. We have a lot of people coming into our organization to do presentations; vendors come in and want to show stuff. It's a fairly public environment. People bring a USB stick and want to be able to plug it into a device, and bad things happen when software transfers that way, and we can't just shut off USB devices; that's not really going to be practical. So it's always a balance between being very secure versus trying to be accommodating of peoples' needs, and, unfortunately, what tends to happen is you side on the accommodation side until you get hit, and then you swing the pendulum [the other way].

What can healthcare organizations do to prevent healthcare cybersecurity vulnerabilities via USB drives?

David Higginson, executive vice president, chief administrative officer and CIO at Phoenix Children's HospitalDavid Higginson

Higginson: There's no magic answer, I would say. So you can take one strategy, which is we just shut off USB ports throughout the organization and try to stop people loading on content, but that doesn't work very well because people still transfer files via USB connections, even if you give them a [Microsoft] OneDrive or Dropbox account. When people come as visiting lecturers, academics may come into the organization, all they bring with them is a USB stick. They plug it in and their PowerPoint will come up. It's not going to work very well. And so one of the things that we've focused on ... is when you take data from our network onto a USB port it gets encrypted to protect our data leaving the organization. That's fairly easy to do. That's kind of becoming a standard. But then you've taken that entire USB drive that belongs to someone that may have their family pictures on it and you're encrypting that whole drive. So if they use that encryption they lose that USB port. That often doesn't go well.

It's always a balance between being very secure versus trying to be accommodating of peoples' needs.

And then the flip side of it is they're dragging files onto my network. So they bring that PowerPoint onto my computer to show it, but what if they were bringing a virus? What if they're purposefully bringing malware into the organization? I don't know what the magic answer is, and [with] everybody you've talked to, it depends on whether they've had an attack. Those people are more on the conservative side, and other people may be different.

Next Steps

More cybersecurity needed in medical imaging systems

HHS in charge of assembling cybersecurity group

Probst talks about cybersecurity at HIMSS 2016

This was last published in March 2016

PRO+

Content

Find more PRO+ content and other member only offers, here.

Conference Coverage

HIMSS 2016 conference coverage and analysis

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCompliance

SearchCIO

SearchCloudComputing

SearchMobileComputing

SearchSecurity

SearchStorage

Close