Security Recommendations
Definitions
- A ‘Trusted User’ is defined as a person or service who has the rights/need to access PHI & PII data or who needs access to the machines containing such data for maintenance reasons.
- A ‘Client Machine’ is any machine with EXACT installed.
- ‘Server’ refers to the server machine running the EXACT Services.
Trusted Users
- Only Trusted Users should have the rights to logon to the server.
- Trusted Users should have strong passwords which should be periodically changed.
- Practices should take due care in assigning role based access profiles.
Server Security
PII & PHI data is only stored on the server. For this reason, the server must be physically secure and be connected to a secure network.
- The EXACT Server should not be portable.
- The Server should be in a physically secure environment, e.g. a low-traffic location, a locked room, or a locked cabinet.
- Implement BitLocker on hardware encrypted storage drives.
- Antivirus software should be installed and updated regularly.
- OS should be on supported versions and updated with the latest patches.
- The EXACT version should be kept up to date.
- The Server should have a firewall enabled.
- EXACT has specific rules that must be configured on this firewall.
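The following PowerShell script is an added example, not part of the Software of Excellence guidance or the EXACT product, that audits a Windows server against the checklist above (BitLocker, antivirus, OS patch level, firewall) without changing anything. It assumes Microsoft Defender is the antivirus product, and the 7-day signature age and 90-day patch window are assumed thresholds chosen for the example.

```powershell
# Read-only audit of the Server Security checklist; run in an elevated
# PowerShell session on the Windows server hosting the EXACT Services.
# Thresholds (7 days for signatures, 90 days for patches) are assumptions.
$findings = New-Object System.Collections.Generic.List[string]

# 1. BitLocker: every fixed volume, the system drive included, should be protected.
foreach ($v in Get-BitLockerVolume) {
    if ($v.ProtectionStatus -ne 'On') {
        $findings.Add("BitLocker protection is OFF on $($v.MountPoint)")
    }
}

# 2. Antivirus (Microsoft Defender assumed; adapt if a third-party product is used).
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled)          { $findings.Add("Antivirus is not enabled") }
if (-not $mp.RealTimeProtectionEnabled) { $findings.Add("Real-time protection is disabled") }
if ($mp.AntivirusSignatureLastUpdated -lt (Get-Date).AddDays(-7)) {
    $findings.Add("Antivirus signatures older than 7 days (last: $($mp.AntivirusSignatureLastUpdated))")
}

# 3. OS version and patch level: report the OS and flag a stale patch history.
$os = Get-CimInstance Win32_OperatingSystem
Write-Host "OS: $($os.Caption) $($os.Version) (confirm this is a supported version)"
$lastPatch = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch -or $lastPatch.InstalledOn -lt (Get-Date).AddDays(-90)) {
    $findings.Add("No OS update has been installed in the last 90 days")
}

# 4. Firewall: all three profiles (Domain, Private, Public) should be enabled.
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -ne 'True') { $findings.Add("Firewall profile '$($p.Name)' is disabled") }
}

# Report the result; the EXACT-specific firewall rules still need a manual review.
if ($findings.Count -eq 0) {
    Write-Host "All checked items pass."
} else {
    Write-Host "Findings:"
    $findings | ForEach-Object { Write-Host " - $_" }
}
```

The script reports but does not remediate, so it can be scheduled as a periodic check and its findings handed to whoever maintains the server.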
Client Machine Security
- Workstations do not store, and do not have direct network access to, any PII or PHI data (network-based security). PII and PHI data are only stored on the server.
- Antivirus software should be installed and updated regularly.
- The operating system should be on a Henry Schein One (HSO) supported version and updated to the latest patches.
- EXACT will be updated automatically.
EXACT Security
- EXACT Admin rights should only be allocated to a specific Admin user, not used for normal EXACT work. A Trusted User who is also an Administrator of EXACT will have two logons.
- EXACT users should always have the minimum necessary rights.
Network Security
- Use WPA3 Encryption:
  - WPA3 is the latest and most secure Wi-Fi encryption standard. If your router supports it, enable WPA3.
  - If not, use WPA2 with AES encryption.
- Strong Passwords:
  - Set a strong, unique password for your Wi-Fi network that contains 8 or more characters.
  - Avoid using easily guessable information such as names or common words.
- Change Default Settings:
  - Change the default SSID (network name) and the administrative credentials of your router.
  - Default settings are often known to attackers.
- Disable WPS:
  - Wi-Fi Protected Setup (WPS) can be a security risk.
  - Disable it to prevent unauthorized access.
- Firmware Updates:
  - Regularly update your router’s firmware to ensure you have the latest security patches.
- Network Segmentation:
  - Create separate networks for different devices. For example, have a guest network for visitors and a separate network for your IoT devices. Your EXACT network should be kept separate from any guest networks and from networks used by IoT devices.
  - Guest Wi-Fi networks should not be the same network that EXACT is on.
- Remote Management:
  - All access to the practice’s on-premise environment is at the practice’s discretion and under its management.
- Enable Firewall:
  - Use the built-in firewall on your router to add an extra layer of security.
- Monitor Connected Devices:
  - Regularly check the list of connected devices to ensure there are no unauthorized devices on your network.
Software of Excellence disclaimers
- The practice security recommendations are offered as a guide and as advice; they are not necessarily all-encompassing and are not to be solely relied upon.
- The practice is encouraged to engage the services of relevant IT security professionals.
- Software of Excellence and Henry Schein One do not specifically recommend any IT security providers or any third-party software or hardware products.