How to Guard Healthcare Information with Device Control and Data Encryption
 


The need to protect digitized health information is a top priority in the healthcare industry. HIPAA and the HITECH Act put pressure on your organization to maintain the privacy and security of patient data, with the potential legal liability for non-compliance. So how does your healthcare organization meet or exceed industry best practices in guarding healthcare information?

Join this webcast as Eric Ogren, President of The Ogren Group, and Chris Merritt, Solution Marketing Director at Lumension, come together to take you through:

• What PHI breaches are currently documented by the US Department of Health and Human Resources (HHS) and why these breaches are occurring
• How a healthcare organization can mitigate costs with encryption technologies
• What to look for in device control and full disk encryption solutions


    Presentation Transcript

    • How to Guard Healthcare Information with Device Control and Data Encryption
    • Today’s Agenda: Current IT Security Challenges in Healthcare; Answering IT Security Challenges in Healthcare; Top 5 Recommendations: What You Can Do Now
    • Today’s Experts: Eric Ogren, Founder & Principal Analyst, The Ogren Group; Chris Merritt, Director of Solution Marketing, Lumension
    • Current IT Security Challenges in Healthcare
    • Data Breaches Still Occurring
    • Data Breaches Still Occurring: No. of Reported Breaches (HHS Breach Database)
        • 435 incidents involving ~20M records
        • Median impact = 2,184 records
        • No breaches in Hawaii, Maine, Rhode Island, and Vermont
        • Biggest impact on per capita basis: South Dakota and Virginia
        • In 2012, 27% of all respondents indicated their organization had a security breach in the past 12 months (up from 19% in 2010 and 13% in 2008); of those who reported a breach, 69 percent experienced more than one.
    • Data Breaches Still Occurring: Encryption Impact • 70% of incidents and 86% of records • $1.48B in “hard costs”
    • Stepped Up Enforcement
        • Audit Program On-going
            – Published protocol: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html
            – 20 audits complete; 95 remaining audits will occur in 2012
            – Audits will continue in 2013
            – Results to date: http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-2_lsanches_ocr-audit.pdf
        • Audit Issues by Area
            – Conduct Risk Analysis (17)
            – Grant Modify User Access (17)
            – Incident Response (11)
            – Contingency Planning (34)
            – Media Reuse and Destruction (18)
            – Encryption (10)
            – User Activity Monitoring (46)
            – Authentication / Integrity (19)
            – Physical Access (9)
        • Observations
            – Policies and Procedures
            – Priority HIPAA Compliance Programs
            – Conduct of Risk Assessment
            – Managing third party risks
        • Next Steps based on the reviews
            – Conduct a robust review & assessment
            – Determine LoBs affected by HIPAA
            – Map PHI flow within your organization, as well as flows to/from third parties
            – Find all of your PHI
            – See guidance available on OCR web site
    • Stepped Up Enforcement. Source: Linda Sanches (OCR), 2012 HIPAA Privacy and Security Audits (June 2012)
    • Stepped Up Enforcement
    • Meaningful Use
        • Stage 1
            – Effective Feb-2012
            – 10 steps to meaningful use by Eligible Practices
            – Core Objective & Measure 15: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities
            – Guidance available at http://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
        • Stage 2
            – Effective Jan-2014
            – Encryption and Auditable events are two key components of Stage 2 certification with regards to the security requirements.
        • Stage 3
            – Final recommendations published by May-2013
    • Answering IT Security Challenges in Healthcare
    • Technology: Moving Faster Than HIPAA. An Aug 6, 2012 Google search on “HIPAA compliance virtualization” showed no hhs.gov sources on the first two pages. [Diagram labels: Virtual Datacenter; DMZ, Web, PCI, HIPAA, Management]
    • Defense in Depth: Blend Different Approaches [Diagram labels: Vulnerability Management; Data Protection; Reputation/Behavior; Audit; Configuration/Device Control; Attack Scanning]
    • Process: Security for Security’s Sake Often Fails
    • People: Team Approaches Win • Involve business early and continually in process – look for “addressable” approaches where standards are evolving (e.g. BYOD, cloud) – document progress; review results and decisions – train IT staff and users on HIPAA disclosure rules • Audit everything – ingress and egress – you never know what you are going to need • Keep up on-going communications – Learn, learn, learn – you’ll be doing this again!
    • Top 5 Recommendations: What You Can Do Now
    • Lumension® Endpoint Management and Security Suite: Total Endpoint Protection
        • Endpoint Reporting Services
        • Endpoint Operations: Lumension® Patch and Remediation; Lumension® Content Wizard; Lumension® Configuration Mgmt.; Lumension® Power Management
        • Endpoint Security: Lumension® AntiVirus; Lumension® Application Control; Lumension® Device Control; Lumension® Disk Encryption
        • Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent
    • Lumension® Patch and Remediation: Comprehensive and Secure Patch Management » Provides rapid, accurate and secure patch and configuration management for applications and operating systems: • Comprehensive support for multiple OS types (Windows, *nix, Apple), native applications, and 3rd party applications • Streamline and centralize management of heterogeneous environments • Visibility and control of all online or offline endpoints • Elevate security posture and proactively reduce risk • Save time and cost through automation
    • Lumension® Security Configuration Mgmt.: Prevent Configuration Drift and Ensure Policy Compliance » Ensure that endpoint operating systems and applications are securely configured and in compliance with industry best practices and regulatory standards: • Security Configuration Management • Out-of-the-box Checklist Templates • NIST Validated Solution • Continuous Policy Assessment and Enforcement • Based on Open Standards for Easy Customization • Security Configuration and Posture Reporting
    • Lumension® Device Control: Policy-Based Data Protection and Encryption » Protect Data from Loss or Theft: Centrally enforce usage policies of all endpoint ports and for all removable devices / media. » Increase Data Security: Define forced encryption policy for data flows onto removable devices / media. Flexible exception management. » Improve Compliance: Centrally encrypt removable devices / media to ensure data cannot be accessed if they are lost or stolen. » Continuous Audit Readiness: Monitor all device usage and data transfers. Track all transferred files and content. Report on all data policy compliance and violations.
    • Lumension® Disk Encryption (powered by Sophos): Transparent Full Disk Encryption for PCs » Secures all data on endpoint hard drives » Provides single sign-on to Windows » Enforces secure, user-friendly pre-boot authentication (multi-factor, multi-user options) » Quickly recovers forgotten passwords and data (local self-help, challenge / response, etc.) » Automated deployment, management and auditing via L.E.M.S.S. (integrated version)
    • Defense-in-Depth with Lumension [Diagram labels: Network Access; Firewall Management; Anti-Malware; Patch and Configuration Management; Full Disk Encryption; Port / Device Control and Encryption; Physical Access]
    • Risk Management [Diagram labels: Disparate Data Collection; Functional Silos; Non Standardized Processes; HIPAA, SOX, PCI; Excel, Database, Manual Surveys; Business Processes; IT Resources; Password Policy (Character Length, Special Characters); Compliance; Risk]
    • More Information
        • Free Scanner: Discover All Removable Devices Connected to Your Endpoints: http://www.lumension.com/resources/security-tools/device-scanner.aspx
        • Healthy Solution for Protecting Patient Data: Guarding Healthcare Information with Device Control and Data Encryption: http://www.lumension.com/Resources/WhitePapers/Healthy-Solutions-for-Protecting-Patient-Data.aspx
        • Free Evaluation: Lumension® Data Protection: http://www.lumension.com/data-protection/data-protection-software/free-trial.aspx
        • IT Pros’ Guide to Data Protection: Top 5 Tips for Securing Data in the Modern Age: http://www.lumension.com/Resources/Whitepapers/Busy-IT-Professionals-Guide-to-Data-Protection.aspx
    • Global Headquarters: 8660 East Hartford Drive, Suite 300, Scottsdale, AZ 85255; 1.888.725.7828; info@lumension.com; http://blog.lumension.com