How can I tell whether someone has hacked into my network?
HIPAA Weekly Advisor, January 31, 2005
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Sometimes, a slow computer or network performance, modified data, missing data, or critical log file alerts can signify a security breach. The hacker may even contact you anonymously and tell you what he or she did. However, quite often, you won't know that it happened at all. Hackers who really know what they're doing can compromise systems quietly and methodically and cover their tracks.
To prevent the attacks to the extent possible, use a layered security setup that includes physical protection of computer systems, firewalls, intrusion detection (or preferably) prevention systems, required logins, and file access controls. Proactively monitor firewall, intrusion detection, and computer logs-or at least set up an alert system that contacts you when an oddity occurs. Automate this type of monitoring if you can.
When alerts occur, you'll still need to investigate further. As with any type of technical investigation, if this is not your forte, bring in someone who can help-either an outside consultant or law enforcement cyber crime investigator, or both.
Editor's note: Kevin Beaver, CISSP answered this question. This is not legal advice. Consult your facility's legal counsel for questions on legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- HIPAA Q&A: Level of encryption needed for email
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Hospitals are not bound by InterQual criteria for determining patient status
- ED-to-inpatient transfers are flawed with safety gaps
- Searched