Peripheral Devices Need Protection Too – Securing Sophisticated Printers in the Age of Heightened Cyberattacks

Dec 20, 2017

Healthcare organizations too often take a singular, tunnel-vision approach to their data security practices. According to a report by Health Data Management, most organizations tend to prioritize securing their network and its perimeters with little attention paid to protecting peripheral PHI access points like sophisticated printing devices.

In short, sophisticated printers are an example of multifunctional peripherals (MFPs) – machines that provide a multitude of services without the need for buying separate devices. In this case, we’re talking office communications services like printing, faxing, scanning, and copying all contained in a single device.

Sophisticated printers are popular for both their affordability and operational efficiency, but if left unsecured, records of sensitive PHI data can be exposed to anyone with the means to access them without proper authorization. This is because, according to the report, that the Federal Trade Commission considers digital copiers the same as computers, since they also have hard drives, embedded firmware, and can interact with other network systems. Thus, if left unsecured, they are just as vulnerable to intrusion as an ordinary PC. These same risks can also apply to other common healthcare data access points like improperly protected IoT technologies, unsecured off-network endpoints, and commercial email solutions that may not be suitable for secure messaging in an environment where there is little to no tolerance for violating HIPAA regulations.

The report also highlighted how many healthcare organizations still store their patient information in hard copy files, which are perhaps most vulnerable of all due to their permanent presence in a physical location. Though these physical documents can be converted to EHR files, the digital file can remain on a sophisticated printer’s hard drive and thus vulnerable to intruders. As long as these peripheral technologies are not secured, they remain a prime access point to hijack PHI.

A truly HIPAA compliant data security strategy requires a holistic approach that extends beyond an organization’s network and perimeters. Peripheral access points like sophisticated printers require as much attention as the core network itself.

Here are some tips to ensure that your sophisticated printing devices remain properly secured:

Fax First

The online fax market is booming and projected to rise to a multibillion dollar value by 2022. Why? Organizations that implement a digital fax solution see the tangible benefits.

Unlike email messages, which can potentially bounce around a multitude of unsecured servers before arriving at the receiver’s inbox, documents transmitted through online faxing services go directly from endpoint to endpoint without any detours along the way. This ensures a more direct method for exchanging sensitive data that doesn’t compromise speed or security.

Secure the Peripheral

Hold your sophisticated printers, IoT devices, and other peripherals to the same standard that you hold core devices to. Place the proper network printer security measures and protocols in place and regularly check your printer’s hard drive to see if there are records that can be cleaned from the hard drive if already electronically stored elsewhere. This will reduce the amount of sensitive information, such as PHI, that is lingering in storage.

Security is a Culture Problem, Too

Without proper data security training, members of your organization may not be properly equipped to carry out HIPAA compliant document delivery practices. Once you have set the proper measures in place, take the time to train those who interact with these sophisticated printing devices regularly so that they understand the protocols and guidelines for HIPAA compliant faxing.  This will help further integrate data security into the cultural framework of your organization.

Use a Solution that Works

Forget what you know about traditional faxing and experience the optimal performance of a HIPAA compliant internet fax service that exceeds expectations. In today’s technological landscape, you no longer have to suffer the drawbacks of slow document delivery times, busy inbound faxes, and hissing modems.

ETHERFAX’s HIPAA compliant SENx network takes both data encryption and document delivery speed to the next level. Using the hybrid Elliptic Curve Integrated Encryption Scheme (ECIES), documents are 100% guaranteed secure as they are transferred between two endpoints. This starts with Elliptic Curve Cryptography that generates a shared secret between peers to seed the encryption process with unique keying material while further protecting files by using signing and authentication mechanisms to assure the validity of the data in transit. These features, plus the standard direct end-to-end nature of online fax communications, allow for digital content to travel between subscribers within the ETHERFAX network nearly instantly and completely risk-free.

Have any questions about how SENx can secure the peripheral devices in your healthcare organization? Contact us today and see how we can help you.

Paul Banco

As CEO of ETHERFAX®, Banco is responsible for the strategic direction of the company and leads technology development, including the patented ETHERFAX and ETHERFAX SEN intellectual property. Banco helped organizations automate their fax server operations. As a visionary, he identified the need to leverage the cloud for secure document delivery and co-founded ETHERFAX in 2009 with other telecom industry veterans.

Check these out too...