Because of HIPAA legislation, health organizations have to be particularly careful about the vulnerability of the patient data they maintain. Exposing patient data to the Internet through IM exchanges or P2P file sharing can jeopardize their compliance with a variety of state and federal regulations. The popularity of IM and P2P protocols has penetrated every aspect of our society including those organizations entrusted with sensitive data such as health records. The opportunity for data to be exposed to eyes outside an organization has increased whether such exposure is intentional or not and organizations bound by HIPAA regulations are required to protect their patient data or suffer the consequences.

Often in hospital situations, employees on different shifts are sharing workstations. Many of them may be communicating with family and friends, outside the organization, via Instant Messaging or P2P and can unknowingly download a malicious agent that can damage not only individual workstations, but entire networks. Because many people may have access to the same computer, this activity is difficult to trace and can occur with alarming ease.

When a malicious program is downloaded, it can exploit a back door in the system and proliferate across the network. Depending on the nature of the parasitic code, patient information may be accessed and transmitted from behind the firewall to a designated IP address or it may launch an attack against the host network. These types of attacks can bring the network down. Even short downtime can cause significant financial and data loss.

Public Communications

Adding more complexity to the situation, the Securities and Exchange Commission (SEC) and the National Association of Securities Dealers Inc. (NASD) identify Instant Messaging traffic as communications with the public that companies must save and monitor. The Sarbanes-Oxley Act requires even those instant messages that are casual and personal to be saved and recorded as formal correspondence.

Many companies capture and store the data as required by law. Because this information can be used as legal evidence, there are several instances where data contained on message boards and via IMs were submitted to support or defeat a case being adjudicated. Imagine if medical advice were contained in an IM, even something as innocuous as advising Tylenol for a feverish child. Such correspondence could be used to make a medical malpractice case against a nurse or physician.

Network Security

IM and P2P also expose end-user equipment to worms, viruses and other backdoor software that, once introduced, can infect a network and inflict damage on a wide scale. Employee abuse of their computer privileges can be the silent destroyer of networks. Whether it is a dramatic problem such as denial of service or the downloading of backdoor worms and viruses, the misuse can be dangerous and damaging and ultimately undermines network security.

Managers of network security need to take advantage of hardware appliance solutions in order to fully protect their networks from employee abuse and misuse. The damage to productivity and profits of a company are only the tip of the iceberg. Introducing a filtering option that does not have a single point of failure, or cause latency in network traffic is critical. Equally important, a solution that doesn't need to share memory or processing power with another device is the best choice to protect networks against security breaches and legal liability and to help preserve the corporation's good reputation.

Legal Liabilities

P2P and IM file sharing can be dangerous applications that quickly devour bandwidth and jeopardize company finances because companies can be held liable for employee actions such as downloading copyrighted song material. In addition, P2P and IMs can contain malicious software that downloads and installs itself into the host network; a company's computers and networks may be used to launch denial of service (DoS) attacks on other companies and networks.

There is an established legal precedent that will hold a company liable in part for the damages inflicted on another company if their computers or networks were used to stage the attack. Because of this legal precedent, the danger to a host network is not just the loss of bandwidth and subsequent breakdown in communications, but also the legal liabilities involved can result in damage to a company or organization's reputation, and even threaten its financial stability.

It's important to note that the damage to an organization's reputation can be more costly in the long run, especially if the organization is supposed to be secure and web savvy or if security vulnerabilities can threaten to expose sensitive data such as health records. For hospitals, health insurance and dedicated health care providers, such damage can result in a loss of business over time that devastates their long term prospects and when combined with short term fines, can even mean going out of business or experiencing a takeover by another health care company.