Over the last several months there has been an increase in the frequency and volume of malware, spam, and phishing attacks on La Hacienda’s network. The newest and most destructive of these is ransomware.
Ransomware uses the same methods of transmission as other types of malicious software to infect computer systems with the purpose of restricting a user’s access to computer and network files until a ransom is paid to unlock them.
There have already been several hospitals, police departments, and other private companies that have fallen victim to ransomware attacks. We have also seen an increase in attempts to deliver malicious email attachments through our network.
As many of you are already aware, even with all of the security layers we currently have in place, there are still security threats getting through our filters. In order to protect our computer and network systems and to ensure there is no disruption in access to our patient medical records, additional security measures will be implemented on our servers, PCs, and network. The additional security measures are a direct response to the increase in local and global security threats ONLY and are not meant to prevent users from performing their daily duties required by La Hacienda, nor are they an attempt to save money.
Please be patient with us. Some of the changes will take time to implement and will require testing and feedback from our users until they are adjusted to a reasonable level of protection. Notice of changes will be posted to the intranet.
The following security measures will be implemented to protect La Hacienda users and network:
- La Hacienda Email Attachments – Effective immediately, attachments will be removed from all incoming emails. If you receive an email that has had an attachment removed, you will see (Attachment Removed contact Help Desk) in the subject. You may contact the Help Desk to have the attachment delivered, and the sender will be added to the safe list so future emails with attachments from the sender will be delivered.
- Personal Email – Access to personal email accounts through your web browser will be disabled. I understand that this will be frustrating for everyone but it is necessary to protect our network. If you have a smart phone, please utilize our Guest Wifi network to check your personal emails. Additional access points will be added throughout our campus to improve coverage. Access to personal email will be disabled on May 9th, 2016.
- USB Flash Drives – Access to USB Flash drives is prohibited and will be disabled on our network. If you need to utilize a Flash Drive, please contact the Help Desk and an approved flash drive will be provided to you.
- Scheduled Maintenance and Updates for PCs, Servers, and Network equipment – To ensure that our PCs, Servers, and network equipment have up-to-date security updates and patches, the frequency of scheduled maintenance will increase. Server updates will occur on a set weekly schedule in the evenings. Initially there will be an email reminder as well as posts to the intranet to let everyone know which services will be affected; eventually the update reminders will only be published to the intranet. Updates on PCs will happen every week, and if a restart is required, that will also occur in the evenings. Please save your work at the end of the day and log out of your PC. Do not turn off your PC.
- Antivirus Scanning – A scan will be scheduled every evening to detect and remove any malicious software from the PCs on the network. Do not turn off your PC in the evening. If you turn off your PC at night, the scan will run on the next restart. The scan takes about 45 minutes and will slow your computer until it has completed.
- Software Restrictions – Restrictions will be implemented on software that can run and/or execute on our network. Only approved software programs will be allowed to run on our network, which will limit the ability of malicious software to work. If you are using software that has not been approved by the IS Department, it will be removed.
- Drive Encryption – Hard drive encryption will be installed on all La Hacienda PCs and laptops. This will protect all information stored locally on hard drives and protect La Hacienda in the event that a PC or laptop is lost or stolen.
- Policy and Procedures – La Hacienda’s Policy and Procedures will be updated to reflect the changes we are applying to our users and network. Please review these as they are updated.
- Training and Security Bulletins – The IS Department will provide training and education to help protect the users from current and future threats. You are our last line of defense. Security bulletins will also be posted to the intranet when new threats are found.
- ESET Security Software – To help promote security and safety for our users, La Hacienda will provide a license, support, and installation of ESET Endpoint Security at no cost to our employees on your personal PCs. If you currently do not have or are unsure if you have personal security software installed on your personal PC and would like to take advantage of this service, please contact the Help Desk. We have a limited number of available licenses, so they are first come, first served.
Again, I want to emphasize that these changes are ONLY meant to protect La Hacienda and our patients, but they will affect everyone. If any security measure that is implemented prevents you from accomplishing your work, we will review it and make adjustments to give you the access that is needed.
If you have any questions or concerns, please let me know.
David James
IS Director/Security Officer