Most medical practices have permitted key business partners to access critical IT systems remotely. This is usually done to provide fast and efficient support of these systems. It could be an EMR vendor that needs to access a database, or perhaps a third-party IT service provider that will access systems for updates. Regardless of the requirement, every form of remote access that is provided to an outside party is a potential risk.
As part of ongoing risk management, practices should evaluate the remote access that has been given over time to make sure any vulnerabilities are minimized. Questions that should be asked of vendors in order to determine the level of risk include:
Practices should also review their offboarding policies to ensure that any remote tools that may have been used by vendors (or staff) are removed when a relationship is terminated. Remote access should only be facilitated via secure technologies that are designed to be used within a highly-secure business environment.
Evaluating remote access as part of an ongoing vendor management program can help minimize the risk of unauthorized access. If you're currently planning your next IT Risk Assessment, I would strongly consider including as part of your evaluation an analysis of the current remote access tools to determine if changes should be made.
Nic Cofield is an IT specialist with Jackson Thornton Technologies.
You may not be getting all you can out of your browsing experience
and may be open to security risks!
Consider upgrading to the latest version of your browser or choose on below: