In February 2017, a hacker going by the name "stackoverflowin" accessed over 150,000 internet-connected printers and printed messages stating, "Your printer has been pwnd'd!" — hacker-speak for gaining access to and claiming ownership of a system.
When an organization's network is breached, it is a serious threat to information security. In this situation, however, the hacker claims that he or she was merely calling attention to how woefully inadequate printer security is in many organizations. To some, the hack might have been considered a helpful joke, albeit one with a serious message. But to IT professionals who are serious about security, this breach raised many concerns.
This was not the first warning of its kind, and yet many IT organizations still do not realize that their printing environments can be the weak links in their security plans. Hackers printing something on your devices from a remote location may not sound like much at first, but what happens when an outsider can access the document content that a printer has processed?
Then it becomes a serious risk, especially for healthcare organizations that must protect documents that contain confidential patient information.
Secure printing safeguards protected health information
According to International Data Corporation, cybersecurity has been a growing part of healthcare providers' IT budgets in recent years. Despite the heightened focus on health data security, printer security is still too often excluded from these investments. You might think this is a logical result of people printing less in our increasingly digital world, but in fact, the opposite is true.
Millennials have become the largest living generation, outnumbering Baby Boomers, and while they may seem to live online more than in the real world, they actually print more hard copies than preceding generations, according to IDC research. The point is, printing isn't going away anytime soon, and printers are every bit as important to an organization's overall security strategy as any other device connected to the network.
Be sure that your print infrastructure is an essential part of your organization's security strategy, and roll out appropriate policies and procedures across your enterprise. An effective print strategy should include these steps:
1. Secure your devices.
Leaders in healthcare understand the critical nature of information security as it pertains to the Health Insurance Portability and Accountability Act, but not everyone understands that printing plays an important role in that story. Printers are networked computers, and they require the same level of security attention that workstations receive.
Printers are not typically secure right out of the box; they must be locked down and configured so that only authorized employees can use them. While often overlooked, the process of securing network printers is straightforward: Each printer comes with a default password. As with any password, you should change these to something unique. Then, set up the built-in firewall and create an access control list and an update schedule for firmware to ensure ongoing protection. Your hardware provider should be able to guide you through these device security procedures.
2. Protect your printed documents.
In a 2016 study by Quocirca, 81 percent of organizations said that print security was important or very important to driving business value — up from 75 percent in 2015. That same study revealed that 61 percent of organizations reported one or more print data breaches in the past year, which may explain the increasing level of concern.
And yet, even within organizations that are actively working to secure their network devices, printed documents are frequently left in or near printer trays where they can be viewed, copied or carried off by anyone. This is a significant security risk and a potential HIPAA violation. One of the most effective ways to prevent this is to deploy a pull printing solution.
With this technology, employees print to a secure network queue rather than directly to a printer. To print a hard copy, employees must be present at a device to authenticate using their network login credentials or a proximity card. This is the best way to prevent unauthorized print, copy, scan or fax activity and to protect the confidentiality of printed documents.
At one of the largest health insurers in the United States, for example, secure printing is a contractual requirement. One of the segments it serves is the federal government, and some agencies require suppliers to have protocols in place to ensure that printed documents are retrieved only by document owners or their authorized assistants.
Secure pull printing is a simple but highly effective way for such organizations to fulfill these security obligations. Without this technology in place, this health insurer would be out of compliance with its largest customer — the federal government — and could risk losing its contract.
Of course, the responsibility for keeping information secure doesn't end at the printer. The least secure document is often the one you just printed. Employees must understand the significance of printed information as it relates to privacy and HIPAA and handle printed documents with care. That's why it's so important to roll out enterprisewide initiatives and internal communications that educate employees and promote mindful printing habits. These efforts will reduce security risks and unnecessary costs.
3. Monitor and manage your print environment.
Once you have taken steps to ensure that your printers and documents are secure, take advantage of the modern print management tools available today. With cloud services, for example, you can easily track and audit printing activity throughout the organization — at the user, document and device level.
You would be surprised how much money a healthcare organization can save by continually monitoring printing trends, educating employees and optimizing print workflows. We find that healthcare systems typically spend at least $400 per employee per year on print alone, not including documents that are printed by external services. Reducing these costs by 25 to 40 percent or more represents a significant savings opportunity.
Too often, healthcare organizations focus only on devices, and usually just for billing purposes. It's important to expand this focus to identify unnecessary printing activity, reveal opportunities to reduce your organization's reliance on paper, optimize the environment to promote less demand and, ultimately, save a lot of money. Improvements directly related to improving security will also positively impact workflows and employee productivity.
To maintain a reputation as a secure, modern healthcare organization that employees and patients alike can trust, you simply can't omit printing from your security strategy.
Michael O'Leary is Vice President-Enterprise Accounts at Pharos Systems International, a print management software and solutions company based in Rochester, N.Y. With more than 30 years of experience in the technology and print industries, Michael leads an organization that provides software, subject matter expertise, thought leadership and best practices to some of the largest companies in the world.
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.