To protect patient health information, hospitals and healthcare organizations need to be sure they are incorporating often overlooked endpoint technologies — namely, printers — in their healthcare IT security plans
Printers offer hackers an easy entrance to your organization’s network. Dill
thinks of printers as the “grandfather of Internet of Things,” she said, and as
such, they need to be treated the same as any other device in your cybersecurity strategy. “Printers have ports, protocols, and operating systems. They even have hard drives,” she said. “So, like any computer, those access points can be attacked by hackers.” Malicious agents can easily penetrate these technology endpoints if the proper protections aren’t in place. Dill recommends whitelisting operating software to prevent unauthorized firmware from being loaded onto the network, and runtime monitoring that can not only detect intrusions but automatically recover from them when attacked.’
Multifunction printers such as the HP PageWide A3 offer such features, delivering the industry’s strongest print security in the process. “Hackers can go in through your printers and then move laterally into your network,” she explained. “They can retrieve active directory credentials and then gain access to your infrastructure. You need to be able to monitor your printers, as you do other devices on your network, so that you can see any intrusions in real time and deal with them before any damage is done.”
Your average hospital might have hundreds of printers of varying makes and models. To ensure that sensitive patient information is not compromised while being copied, scanned, or printed, it’s important to invest in printers with built-in security features that allow security and access configuration. Indispensable to maintaining security, Dill said, are pull printing capabilities requiring a PIN/password, or an optimal proximity card reader for an end user to retrieve a printed document. This kind of user authentication ensures the right user is getting the right document at the right device, protecting PHI.
While developing a comprehensive cybersecurity policy in today’s threat landscape can seem overwhelming, Dill said investing in tools that can help better manage the security of endpoint technologies such as printers and imaging devices is key to preventing, detecting, and containing data breaches in the future. “It’s not easy, but it all starts with a risk profile. And that risk profile must consider these endpoints,” she said. “When it comes to cybersecurity, the threat landscape changes daily — if not hourly. You need to make sure you can protect yourself on every access point, including your printers, so that you can respond proactively, not reactively, to any potential security threats.”
When the OCR first started tracking healthcare data breaches, the loss or theft of paper records were often to blame. While the number of paper-related breaches has dropped in the years since, they can and do still occur. That’s why Dill said it is vital that hospitals secure endpoint technologies so that they can both safeguard and track paper documents containing PHI.
“We keep talking about the paperless office, but let’s face it: We aren’t going to get there anytime soon,” she said. “With paper, there’s a lack of visibility and traceability. You don’t know if a document with PHI has been viewed. You don’t have version control. Having a strong document management system
in place that helps you look at and track the entire life cycle of a printed
document is important to avoiding potential breaches.”
“ People think of printers as those dumb little boxes in the corner spitting out paper, but printers have the same components — and the same vulnerabilities — as any computer. That’s why they really need to be part of any comprehensive cybersecurity plan.”
Pamela DillSenior Security Advisor, HP Inc.
GET A PRINTERQUOTE