Malware Threats to Healthcare IT Structures

Posted by John Dimaggio on Aug 18, 2016, 1:10:37 PM

In Cyber Security

Literally hundreds of times per day, hackers worldwide are using the internet to probe your corporate IT structure in search of vulnerabilities.  These touches are conducted with methods so sophisticated that the hackers are able to hide their intentions.  Their objective however is clear: the exploitation of sensitive data for either profit or bragging rights.

Points of entry can include mobile devices, USB’s, internet, social media, e-mail, cloud and network infrastructure. Malicious software, also known as malware, is the entry tool of choice for most hackers. Malware is any software designed to disrupt computer operations, collect confidential or sensitive information, and/or gain unauthorized access to computer systems.

Malware can be a virus, application, or any unwanted software that gets installed on a computer or mobile device without the user’s consent.  Malware is typically installed when a user clicks on a link in an e-mail (rather than typing the URL of a trusted site directly into a browser), or opens an e-mail attachment.  Hackers also bundle malware with popular free downloads.

Malware is difficult to detect because hackers will do everything they can to ensure their malicious software goes unnoticed and does not impact system performance.  However, a computer may be infected with malware if it runs slowly, displays continual error messages, exhibits web pages not searched for or displays repeated pop-up messages.  Additional signs to look for include changes in the computer’s browser, such as unfamiliar tabs or a different default search engine. Again, while those signs typically mean something is wrong, malware is often undetectable.

Some tips to defend against malware are listed below:

  • Scan USB’s and other external devices before using them;
  • Purchase software directly from the source to avoid installing software that has been “bundled” with a virus;
  • Install malware detection software and ensure anti-virus software is in place and that both are kept up-to-date. Using software or other security policies to block known payloads from launching will help to prevent infection.
  • Use a firewall and frequently review your firewall logs and settings;
  • Promote safe browsing habits;
  • Educate your employees on the mechanics of malware. Keep alert to current and emerging threats, and provide periodic security updates and reminders to your workforce. Train employees to:
    • Avoid opening e-mail attachments that are not from a confirmed and trusted source;
    • Avoid clicking on a link in an e-mail, and instead type a trusted URL address directly into a browser;
    • Avoid clicking on pop-ups or banner ads;
    • Pay attention to browser security warnings. Many browsers provide a warning before a user visits an infected website or downloads a suspicious file.

 Finally, don’t underestimate the complexity of IT Security.  Complex, ever-changing regulations, increased vulnerabilities, implementation of new technologies and changes in business processes can make it difficult to stay in front of emerging threats.  Consider hiring a compliance partner to help navigate the process by designing a customized approach based on your organization and tailored to meet your specific regulatory requirements and state statutes. 

For more information on Cybersecurity in the Healthcare arena, download our Cybersecurity eBook by clicking on the below link:

Download Our Cyber Security eBook

BlueOrange Compliance has been providing privacy and security assessments, remediation, training and guidance since the inception of HITECH.  Our team is comprised of former healthcare IT executives and top security, privacy and technology analysts.  Our national client base consists of hospitals, physician provider practices, Nursing Facilities, LTC Pharmacies, LPCs, CCRCs, homecare, hospice and business associates.  If you want to learn how BlueOrange Compliance can help you turn HIPAA complexity into HIPAA compliance, visit us at