healthsystemcio.com

healthsystemCIO.com is the sole online-only publication dedicated to exclusively and comprehensively serving the information needs of healthcare CIOs.


Ask the Pros: How to Defend Autorun Attacks?

04/01/2010 By Anthony Guerra

Chuck Christian, CIO, Good Samaritan Hospital

Question: With some of the new threats going around that use the Autorun feature of CD-ROMs and flash drives, what’s the best defense against this type of attack? You can turn the Autorun feature off with a Group Policy, but then you have some CDs (i.e. PACS images, etc.) that depend upon the Autorun feature to open the viewer application and display the PACS images.


Barry Mathis, Principal, H.I.S. Professionals

HIS Pros Answer: This situation exists in every hospital in America. How do you protect the healthcare data while providing necessary desktop functions for the users?

Today there are many nasty viruses that can propagate by exploiting the Microsoft Autorun feature. To answer this question, we should look at several mitigation steps involved in protecting against these viruses and decreasing the risk of exposure.

  • Education and common sense: The hospital must have the USB and CD drives addressed in their HIPAA education process. There should be a policy in place that requires the scanning of all external devices unless the user can verify the chain of custody of the external media. Scanning is always a good idea. In the event of exposure leading to compromised data, a reviewer or auditor will ask for this evidence first.
  • Prophylactic software: There should be real-time virus monitoring software present on the workstations that is updated via an online or network virus dictionary. This software should be periodically tested on all workstations and regularly tested on high-risk workstations.
  • Locking unnecessary devices: As was pointed out in the body of the question, disabling external media drives is easy to manage via Microsoft Policies. This is by far the most secure defense but also creates a fair amount of user dissatisfaction. The hospital should complete a risk assessment focused on external media and disable all unnecessary external media devices.
  • Audit: We no longer work in a “fire and forget” environment where any mitigation step can go untested and unmonitored. Hospitals should routinely audit their mitigation efforts to ensure they are functioning properly and users are complying with policies.

So what remains are those few workstations that simply must have access to their external media drive unimpeded. These should be the few exceptions to the standard workstations.

There are some tools such as “Autorun Protector” that can be used to disarm the Autorun feature while allowing access to the media. These small applications load into resident memory and treat the autorun.inf as if it does not exist. This does, however, create an extra step and would require the user to access the external drive and view or execute the desired file.

It is possible there is a silver bullet for this one, but I have yet to run across such a solution. I will invite the readers to respond if they are aware of one.

In the end, there are always going to be careless users who believe they know better than anything they have read or any instructions they have received. So the best offense against these idiots is a good defense against their actions.
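As an added illustration, not part of the original post or of H.I.S. Professionals' advice, the PowerShell script below audits the registry setting that the "Turn off Autoplay" Group Policy mentioned in the question writes, and reports whether a workstation blocks Autorun for USB and CD-ROM media, with a switch for the PACS-viewer exception workstations the answer describes. The registry paths, the NoDriveTypeAutoRun and HonorAutoRunSetting value names, and the per-drive-type bit values are the ones Microsoft documents; the "PACS exception" compliance rule and the 0xDF mask used for those machines are this example's own convention.

```powershell
# Added example (not from the article): audit and set the Windows Autorun policy.
# NoDriveTypeAutoRun (DWORD) under Policies\Explorer is a bitmask; a set bit
# disables Autorun for that drive type. Bit values follow the Win32 DRIVE_*
# constants as documented by Microsoft.

$DriveTypeBits = [ordered]@{
    Unknown   = 0x01
    NoRootDir = 0x02
    Removable = 0x04   # USB flash drives
    Fixed     = 0x08
    Network   = 0x10
    CDROM     = 0x20   # PACS image discs
    RamDisk   = 0x40
    Reserved  = 0x80
}

# Windows default when no policy value exists: unknown, network and reserved bits.
$DefaultMask = 0x91

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',  # machine policy, takes precedence
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'   # per-user policy
)

function Get-NoDriveTypeAutoRun {
    # Returns the DWORD stored at $Path, or $null when the key or value is absent.
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

function Test-DriveTypeAutorunDisabled {
    # True when the mask's bit for the given drive type is set (Autorun off).
    param([int]$Mask, [string]$DriveType)
    return (($Mask -band $DriveTypeBits[$DriveType]) -ne 0)
}

function Get-AutorunAuditReport {
    # -PacsException: a workstation that must still autorun PACS CDs. USB
    # (removable) media must be blocked there too; CD-ROM autorun may stay on.
    param([switch]$PacsException)

    $mask = $null; $source = 'Windows default'
    foreach ($path in $PolicyPaths) {
        $value = Get-NoDriveTypeAutoRun -Path $path
        if ($null -ne $value) { $mask = $value; $source = $path; break }
    }
    if ($null -eq $mask) { $mask = $DefaultMask }

    $removableOff = Test-DriveTypeAutorunDisabled -Mask $mask -DriveType 'Removable'
    $cdromOff     = Test-DriveTypeAutorunDisabled -Mask $mask -DriveType 'CDROM'

    # HonorAutoRunSetting = 1 is the value Microsoft's Autorun update (KB967715)
    # uses so that older Windows versions honour NoDriveTypeAutoRun for autorun.inf.
    $honor = (Get-ItemProperty -Path $PolicyPaths[0] -Name 'HonorAutoRunSetting' -ErrorAction SilentlyContinue).HonorAutoRunSetting

    $compliant = if ($PacsException) { $removableOff } else { $removableOff -and $cdromOff }

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        PolicySource        = $source
        Mask                = ('0x{0:X2}' -f $mask)
        RemovableDisabled   = $removableOff
        CDROMDisabled       = $cdromOff
        HonorAutoRunSetting = $honor
        Compliant           = $compliant
    }
}

function Set-AutorunPolicy {
    # Writes the machine-wide mask. 0xFF = all drive types (what "Turn off
    # Autoplay: All drives" sets); 0xDF clears only the CD-ROM bit, the
    # convention this example uses for PACS exception workstations.
    # Requires an elevated session.
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateRange(0, 255)][int]$Mask = 0xFF)
    $path = $PolicyPaths[0]
    if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
    if ($PSCmdlet.ShouldProcess($path, "Set NoDriveTypeAutoRun to 0x$('{0:X2}' -f $Mask)")) {
        Set-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' -Value $Mask -Type DWord
        Set-ItemProperty -Path $path -Name 'HonorAutoRunSetting' -Value 1 -Type DWord
    }
}

# Usage:
#   Get-AutorunAuditReport | Format-List
#   Get-AutorunAuditReport -PacsException
#   Set-AutorunPolicy -Mask 0xFF -WhatIf
```

The audit functions only read the registry and can run as a standard user, which makes the report suitable for the routine audit step the answer calls for; `Set-AutorunPolicy` writes under HKLM and therefore needs an elevated session, and `-WhatIf` shows the change without applying it. On a domain, the Group Policy object should remain the source of truth and this script should be used to verify that the policy actually reached each workstation.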

Filed Under: Privacy/Security Tagged With: Ask the Pros, Autorun, Barry Mathis
Copyright © 2023 HealthsystemCIO.com.