IT Security Issues on Rise
Written by Mr Jerome Chiew
Thursday, 23 June 2016

IT security becomes more challenging with each passing day. Ransomware is malicious software that encrypts all your data and demands a ransom fee for the key to decrypt it (www.us-cert.gov/ncas/alerts/TA16-091A). Evolving versions are now able to propagate across removable media, from USB flash drives to writeable CDs and DVDs (https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/).
Ransomware is typically delivered in one of two ways: first, as legitimate-looking emails that appear to come from trusted sources such as banks, government agencies and your friends; second, through compromised websites that serve up the virus when you visit, or through advertising space that the hackers have purchased.
Ransomware scans for and encrypts all the files it can find, both locally and on all remote computers and servers. Nothing that is connected and accessible in some way is safe, not even backups, which can render recovery impossible. There is no guarantee that paying the ransom fee gets the key to decrypt the files – instead, a second ransom demand may result. Therefore, the only way to recover is to ensure multiple backups are kept offline, going back far enough from the infection date to obtain a ‘clean’ restoration.
Here are some general security tips:
•    When browsing websites, do not download or run any files you did not specifically request. Close all unwanted pop-ups by clicking the X at the top right hand corner of the window – many pop-ups feature fake buttons, which when clicked, provide consent to download and execute the virus.
•    It is important that staff members are trained not to click on any links or open any attachments in emails that they have any suspicion are not authentic. Some fake emails are easy to spot, with obvious grammatical and spelling mistakes; others are meticulously crafted, and even the sender’s details seem genuine (i.e. close to impossible to identify as fake). If in doubt, always verify the email or attachment by contacting the sender.
•    If you suspect that your PC has been infected, stop using it and notify your practice manager immediately.
•    Create a strong password policy in the practice to reduce the risk of becoming compromised: lock out the user for a set time after a finite number of attempted logins; change passwords regularly; and require passwords that incorporate upper case letters, a number and a symbol, and span a minimum of 8 characters.
•    Ensure that firewalls are enabled for all servers and PCs in your local network including the Internet modem router.
•    Good PC ‘hygiene’ wards against infection. Keep fully up-to-date with the latest Windows patches and fixes through Windows Update. Ensure that you have good antivirus and antimalware software running to stop the virus before it can load. Change default settings and security policies. The US Government provides useful guidelines at www.us-cert.gov/ncas/tips/ST15-003.
•    Consider investing in a unified threat management (UTM) device. This sits between your modem and network, acting as a gatekeeper that filters all incoming Internet traffic before forwarding it to the PCs. It protects against viruses, malware and SPAM, and mitigates hacking intrusion attempts by scanning for malicious activity (https://en.wikipedia.org/wiki/Intrusion_prevention_system).
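One way to check whether a Windows PC already meets the password tip above is to audit its exported security policy; this is an added example, not part of the original article. The sample export is constructed, and because the article gives no figures for lockout attempts or password age, the check only confirms that those settings are switched on.

```python
# Added example: audit a Windows security-policy export against the password tip.
# SAMPLE_EXPORT is constructed for illustration. A real file comes from
#   secedit /export /cfg policy.inf /areas SECURITYPOLICY
# and is UTF-16, so read it with open(path, encoding="utf-16").
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 6
PasswordComplexity = 0
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
"""


def parse_system_access(text):
    """Return the integer settings found in the [System Access] section."""
    settings, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "System Access" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            try:
                settings[key] = int(value)
            except ValueError:
                pass  # non-numeric entries (e.g. account names) are not checked
    return settings


def audit(text):
    """List the ways the export falls short of the article's password policy."""
    s = parse_system_access(text)
    findings = []
    if s.get("MinimumPasswordLength", 0) < 8:
        findings.append("minimum password length is below 8 characters")
    # Windows' complexity rule demands three of four character classes, which
    # is the closest built-in match to "upper case, a number and a symbol".
    if s.get("PasswordComplexity", 0) != 1:
        findings.append("password complexity is not enforced")
    if s.get("LockoutBadCount", 0) <= 0:
        findings.append("accounts never lock out after failed logins")
    if s.get("MaximumPasswordAge", -1) <= 0:
        findings.append("passwords never expire")
    return findings
```

Calling `audit()` on the text of a real export returns an empty list when all four settings are in place.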
ED: Questions? Contact Jerome www.critical-it.com.au

While communication is one thing, investigation of notifications is another. We believe good doctors want the bad ones weeded out but they don’t want to be part of a witch hunt or get buried in lawyers, politics or paperwork.

The national Medical Board can respond to a complaint or act on the advice of the WA Medical Board to establish an assessment panel to either examine the health or performance and professional standards of a doctor. Health consumers are represented on panels along with medical practitioners.

The Medical Board and AHPRA have undisclosed lists of doctors who are approved by them as panellists and probably as expert witnesses. Many of these people, we believe, were ‘grandfathered’ across when National Law first came in (2010). Their impartiality is as unknown as they are. Then we have expected biases of the legal assessors, chosen by AHPRA, possibly thrown into the mix.

Is there a problem, Houston?

It is important this is sorted to everyone’s satisfaction as 42% of doctors in our survey thought panellists could lack impartiality to a serious extent.

In fact, only one quarter of doctors we surveyed (n=195) were happy with the impartiality shown by AHPRA or the Medical Board in processing a complaint (with 36% unhappy and 39% undecided). Nearly all of those who were unhappy said they were concerned that unfairness will be seriously damaging to someone. Investigation is a very confronting experience.

If someone is being investigated by a panel, either the panel or the person being investigated can opt for a more out-in-the-open State Administrative Tribunal (SAT) judicial hearing – the panel usually refers because it feels the evidence before it constitutes more serious professional misconduct.

What Fair Doctors Want

Talking to doctors, they appear to want an apolitical system of investigation that is fair and timely. They want to be treated reasonably. Unlike the legal profession, their work is mostly built around trust and honesty. They do not want a return to the ‘good old days’ where those with a political bent in the medical profession could influence what the Medical Board did.

While this is a very difficult area for us to investigate, with arguments and counter-arguments at every step, we cannot understand why the Medical Board would turn to arguably the most political organisation, the AMA, for its counsel (the national Board Chair met earlier this year with “senior leaders from AHPRA and representatives of the AMA” to workshop doctor complaints).

Why? Our e-Poll responses raise a question mark over the AMA’s involvement (and we don’t think AMA members have been polled on this issue.)
