7 Ways to Effectivelyand Securely Manage Print

Intake and outtake forms. Emergency contact information. Prescriptions. Laboratory results. Imaging data. These key provider touchpoints still often occur on paper, even though a significant number of hospitals and health systems have adopted Electronic Health Records (EHR).

Paper carries potential risk. Almost everything a healthcare organization prints contains valuable protected health information (PHI) such as social security numbers, birthdates, insurance coverage identification and payment information. If not carefully protected, printouts can be picked up off a printer tray for internal fraud or exfiltrated from the printer's hard drive by hackers. Even accidental PHI exposure can put integrated delivery networks at risk for Health Insurance Portability and Accountability Act (HIPAA) violations. To improve efficiency while protecting sensitive information, healthcare providers must consider their entire print process carefully.

A recent cyberattack on 150,000 printers showed how vulnerable internet-connected printers are to hackers, printing messages like "You are now part of Flaming Botnet."1

1. Verify the Physical Security of the Printer

When it comes to cybersecurity, IT departments spend most of their time worrying about outside attacks. However, the reality is that the most egregious data breaches emanate from within. That’s why the first step for print security is to secure the printer.

  • Ensure network transport settings are set to Secure Socket Layer (SSL)/TLS 128 bit encryption or higher.
  • Harden print devices by eliminating open ports that are not absolutely needed.
  • Consider placing the printer in a controlled area that only authorized employees can access.
  • Disable physical ports for thumb drives and other data storage devices.
%
of large enterprises admitted suffering at least one data breach through unsecure printing.2

2. Ensure Cybersecurity of the Printer

Enterprise-class printers like the ones used by single- and multi-office healthcare providers as well as hospitals and health systems are as exposed to access as any other endpoint on your network. Secure the printer just as you would a workstation. Security precautions include:

  • Reviewing the printer for unauthorized open ports.
  • Changing the default username/password.
  • Keeping firmware up to date.
  • Installing regular security updates from the manufacturer.
  • Overwriting and erasing data as soon as the print job is complete.
%
of printer data breaches occurred due to interception over the network.3

3. Authenticate Users at the Device and Utilize Pull Printing

Pull printing only releases a document after the user authenticates at the printer using a PIN number, badge or biometric identification. This prevents sensitive documents from sitting exposed or forgotten on the printer tray.

477 healthcare breaches reported to the U.S. Department of Health and Human Services (HHS) affecting over 5.579 million patient records4

4. Leverage Both Authentication and Authorization

Controlling access through authentication keeps unauthorized users at bay and also makes it simple to restrict device features, such as scanning, printing in color, or email to certain users or groups. This solution helps ensure documents are sent to the correct printer while scans are sent to the user's email or network folder, keeping documents and scans from going to the wrong printer or person.

5. Protect Faxes from Prying Eyes

Healthcare organizations receive a significant amount of payment and patient information via fax. Configure the device to password protect incoming faxes so only the appropriate person can access it.

%
of healthcare print volume is related to fax.5

6. Safeguard Documents as they Travel both Inside and Outside your Domain with Enterprise Digital Rights Management (EDRM)

Sophisticated EDRM technology can protect confidential PHI at the file level. It gives document owners the ability to prevent copying, modifying, printing and even granting or revoking access at anytime and anywhere.

  • Encryption: Utilize encryption to protect document data during file transmission and storage.
  • Digital signatures: Embed the user name and/or device serial number into any document to enable notification if changes are made.
  • Rules-based printing and distribution: Assign rules to documents, content types and keywords to ensure the user has permission to view, copy, paste, save, print, and share.
  • Secure watermark: Discourage unauthorized copying by printing documents with a secure one-time watermark that only shows if a copy is made.

7. Monitor and Track Printing at the User and Document Level

In the case of an audit, it will be crucial to be able to prove compliance or trace unauthorized use. Use a centralized auditing tool to manage access and to control, set, and update policies; to oversee users and activity; and to run audit reports on usage. This will ensure audit logs for every successful and unsuccessful document access request are recorded.

SOURCES

  1. Cybersecurity Insiders, "Cyber Attack Launched on 150,000 Printers Working Worldwide."
  2. Quocirca, Print Security, An Imperative in the IoT Era, January 2017
  3. Ibid
  4. Protenus' Breach Barometer 2017 year-in-review
  5. Becker’s Health IT & CIO Report, "Three Steps to Achieving Document Efficiency in Healthcare," April 25, 2017.
To learn more about how you can secure print, visit csa.canon.com/security.
Top