Windows 11 includes security layers to protect patient data
Firewalls, antivirus software, and malware scans have made operating systems much safer over the years, but Brown says there was nothing blocking the worst holes in the overall infrastructure. It’s up to the end user to click on the link and launch whatever he or she has in mind. It was benign. in fact, The “human element” was a factor in 74% of all breaches According to a report from verizon. Windows 11 could change that.
“Windows now constantly scans every Internet site you visit, every document you open, and runs processes to ensure they are legitimate and safe to continue. ,” says Brown.
Windows 11 does this using a feature called Microsoft Defender SmartScreen, one of several new tools rolled out in the operating system update. Here are the security features healthcare organizations should be aware of when considering a migration to Windows 11.
- Bitlocker: This feature was included in Windows 10, but was optional. now, Device and drive encryption is built into the OS By default, patient data is protected from unauthorized access, Brown said.
- Credential Guard: With this feature, Virtualization-based security (VBS) to Protect your system from credential theft and malware attacks According to Microsoft’s blog, this is true even when running with administrator privileges.
- Setting lock: Using mobile device management policies, this feature Monitor registry keys to detect changes Return changed systems to the state desired by IT within a healthcare organization’s device ecosystem. Microsoft says it will also prevent users from changing security settings.
- Hypervisor-protected code integrity: Also called memory consistency, HVCI is another VBS feature that is essential to ensure that all drivers connected to the OS are safe and reliable.
- Microsoft Defender Smart Screen: This program addresses vulnerabilities created by end users. Protection from phishing, malware, and malicious files. SmartScreen constantly monitors the sites you visit, regardless of the browser you’re using, Brown says. He looks up each site you visit against Microsoft’s database of known safe sites and alerts you if a site might be malicious. “His websites, links and attachments are checked and verified before you move your mouse,” he added.
- Microsoft Pluton: This security processor is built on Zero Trust principles.it is Integrated into CPU and OS According to Microsoft, this is to protect your personal information, credentials, and encryption keys. Healthcare IT teams don’t have to update processors manually and can do so via Windows Update, adding another level of security.
- Smart app control: According to Microsoft, This feature blocks malicious and untrusted apps It also includes unnecessary apps that slow down your device or come with unexpected or unnecessary properties like ads or additional software.
read more: See tips for preparing your healthcare organization for Windows 11.
All of these security layers and more are in constant communication and ready to isolate suspicious applications and lock down systems so that malicious programs can’t take over and propagate other devices, Brown said. says. These are all part of his Zero Trust architecture.
“Even if a device is managed, the system no longer trusts it if certain features are turned off. If Microsoft Defender Antivirus isn’t running, you’ll see a ‘No longer trusted’ message. will be displayed. Do not enter until it is fixed. ” If the latest Microsoft patches are not installed, it will not be trusted until: Microsoft Intune The update push is complete,” Brown said, adding: microsoft azure Cloud tools and Microsoft Intune work with the OS to secure your healthcare IT ecosystem.
As devices proliferate in healthcare settings, integrating secure hardware and software is critical. In addition to selling patient data on the dark web, bad actors can also use it to: social engineering To exploit the patient: Cybercriminals can use that data to send emails impersonating the patient’s doctor and trick the patient into clicking on a malicious link.
“Data is now encrypted at the hardware layer as well as the software layer, which makes it much more difficult to break into the system and access patient records,” Brown says.
Windows Hello for Business It can be decrypted by scanning the clinician’s face or fingerprint.
“Introducing encryption across the board from all these different tools, rather than simple passwords, is going to be a game-changer in healthcare,” he added.
For more information about the specific security features provided by Windows 11, we recommend that healthcare IT leaders review the following articles: Windows 11 Security Book: Strong Security by Design.
Windows 11 migration requires partnership and planning
Migrating to Windows 11 won’t happen overnight. It requires careful planning and preparation. However, medical institutions do not have to do it alone. Brown said their technology partners include: CDW can provide assessment tools Helps organizations determine whether their applications and hardware are ready to run Windows 11.
Older devices may not be allowed to run the new OS because the hardware may not be able to run various credential tools or zero trust features in Windows 11. Brown said some users have found ways to bypass the credential checks and install his OS; however, this does not allow organizations to take advantage of the security benefits of Windows 11 and hardware integration. You will no longer be able to enjoy it.
Through assessments, CDW helps healthcare organizations determine whether their systems can support the OS and, if not, what hardware is recommended to run Windows 11 while meeting business needs. .