Last week I posted about Peer to Peer networks and medical information being shared. Most of this can be controlled through use of “Group Policy” and Active Directory with Microsoft products. It is also not a bad idea to use a forensic service to check and see what is out there. Many major healthcare facilities already do this.

Here are a couple links to such providers. 

Tiversa Forensics

Isis Forensics

Healthcare Workers Sharing Music and they could also be sharing Medical Records and Files

This is a good article about Peer to Peer sharing. Most of us are aware of what P2P sharing is on the web, with music and videos being the driving force here, and it was how the original Napster (not in its current form) got started.

With Peer to Peer software, you are in fact allowing another computer to access files on your computer's hard drive, knocking down all firewalls for access. Most of the software companies do include preferences to allow one to decide which folders and areas can be shared, but unfortunately a misconfiguration by someone who is not computer savvy enough can lead to security leaks. By default most have the user select a folder to share, but again configurations can be changed, and if a document is placed in that folder, it too is fair game.

Most larger institutions subscribe to services that go out and monitor the peer to peer services to check and see if anything of a personal nature or medical files have ended up there, which is not a bad thing to do so you are in the know. As stated here, if someone logged on to a remote server saves a document from the server to their own PC, it is now outside the realm of what can be protected on the server, and if it ends up in that “shared” area of a personal PC, everyone on the network can access it.

Even if you do feel you have your network locked down, it is still not a bad idea to use such a service to make sure that someone who logs in from home didn’t download a spreadsheet or Word document with information being used on a home computer, while being connected to a Peer to Peer network at home when remotely working. Have I ever walked in and found Peer to Peer software on hospital computers? You bet. It has been a few years back, but it was there, downloaded by employees who were operating with computers that had not been added to Group Policy, but were on the network. This instance had not brought the PCs under group policy and were connected to the Active Directory in Outlook, so they were pretty well exposed to say the least, all for the sake of getting that music. BD

