
How to Guard Healthcare Information with Device Control and Data Encryption



The need to protect digitized health information is a top priority in the healthcare industry. HIPAA and the HITECH Act put pressure on your organization to maintain the privacy and security of patient data, with the potential legal liability for non-compliance. So how does your healthcare organization meet or exceed industry best practices in guarding healthcare information?

Join this webcast as Eric Ogren, President of The Ogren Group, and Chris Merritt, Solution Marketing Director at Lumension, come together to take you through:

• What PHI breaches are currently documented by the US Department of Health and Human Resources (HHS) and why these breaches are occurring
• How a healthcare organization can mitigate costs with encryption technologies
• What to look for in device control and full disk encryption solutions


  1. 1. How to Guard Healthcare Information with Device Control and Data Encryption
  2. 2. Today’s Agenda
     • Current IT Security Challenges in Healthcare
     • Answering IT Security Challenges in Healthcare
     • Top 5 Recommendations: What You Can Do Now
  3. 3. Today’s Experts
     • Eric Ogren, Founder & Principal Analyst, The Ogren Group
     • Chris Merritt, Director of Solution Marketing, Lumension
  4. 4. Current IT Security Challenges in Healthcare
  5. 5. Data Breaches Still Occurring
  6. 6. Data Breaches Still Occurring
     [Chart: No. of Reported Breaches]
     HHS Breach Database
     • 435 incidents involving ~20M records
     • Median impact = 2,184 records
     • No breaches in Hawaii, Maine, Rhode Island, and Vermont
     • Biggest impact on per capita basis: South Dakota and Virginia
     In 2012, 27% of all respondents indicated their organization had a security breach in the past 12 months (up from 19% in 2010 and 13% in 2008); of those who reported a breach, 69 percent experienced more than one.
  7. 7. Data Breaches Still Occurring
     Encryption Impact
     • 70% of incidents and 86% of records
     • $1.48B in “hard costs”
  8. 8. Stepped Up Enforcement
     Audit Program On-going
     • Published protocol:
     • 20 audits complete; 95 remaining audits will occur in 2012
     • Audits will continue in 2013
     • Results to date:
     Issues by Area
     • Conduct Risk Analysis (17)
     • Grant Modify User Access (17)
     • Incident Response (11)
     • Contingency Planning (34)
     • Media Reuse and Destruction (18)
     • Encryption (10)
     • User Activity Monitoring (46)
     • Authentication / Integrity (19)
     • Physical Access (9)
     Observations
     • Policies and Procedures
     • Priority HIPAA Compliance Programs
     • Conduct of Risk Assessment
     • Managing third party risks
     Next Steps based on the reviews
     • Conduct a robust review & assessment
     • Determine LoBs affected by HIPAA
     • Map PHI flow within your organization, as well as flows to/from third parties
     • Find all of your PHI
     • See guidance available on OCR web site
  9. 9. Stepped Up Enforcement
     Source: Linda Sanches (OCR), 2012 HIPAA Privacy and Security Audits (June 2012)
  10. 10. Stepped Up Enforcement
  11. 11. Meaningful Use
     Stage 1
     • Effective Feb-2012
     • 10 steps to meaningful use by Eligible Practices
     • Core Objective & Measure 15: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities
     • Guidance available at default/files/pdf/privacy/privacy-and-security-guide.pdf
     Stage 2
     • Effective Jan-2014
     • Encryption and Auditable events are two key components of Stage 2 certification with regards to the security requirements.
     Stage 3
     • Final recommendations published by May-2013
  12. 12. Answering IT Security Challenges in Healthcare
  13. 13. Technology: Moving Faster Than HIPAA
     An Aug 6, 2012 Google search on “HIPAA compliance virtualization” showed no sources on the first two pages.
     [Diagram labels: Virtual Datacenter; Virtual Datacenter; DMZ; Web; PCI; HIPAA; Management]
  14. 14. Defense in Depth: Blend Different Approaches
     [Diagram labels: Vulnerability Management; Data Protection; Reputation/Behavior; Audit; Configuration/Attack Scanning; Device Control]
  15. 15. Process: Security for Security Sake Often Fails
  16. 16. People: Team Approaches Win
     • Involve business early and continually in process
       – look for “addressable” approaches where standards are evolving (e.g. BYOD, cloud)
       – document progress; review results and decisions
       – train IT staff and users on HIPAA disclosure rules
     • Audit everything
       – ingress and egress
       – you never know what you are going to need
     • Keep up on-going communications
       – Learn, learn, learn
       – you’ll be doing this again!
  17. 17. Top 5 Recommendations: What You Can Do Now
  18. 18. Lumension® Endpoint Management and Security Suite: Total Endpoint Protection
     • Endpoint Reporting Services
     • Endpoint Operations: Lumension® Patch and Remediation; Lumension® Content Wizard; Lumension® Configuration Mgmt.; Lumension® Power Management
     • Endpoint Security: Lumension® AntiVirus; Lumension® Application Control; Lumension® Device Control; Lumension® Disk Encryption
     • Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent
     PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  19. 19. Lumension® Patch and Remediation: Comprehensive and Secure Patch Management
     » Provides rapid, accurate and secure patch and configuration management for applications and operating systems:
     • Comprehensive support for multiple OS types (Windows, *nix, Apple), native applications, and 3rd party applications
     • Streamline and centralize management of heterogeneous environments
     • Visibility and control of all online or offline endpoints
     • Elevate security posture and proactively reduce risk
     • Save time and cost through automation
  20. 20. Lumension® Security Configuration Mgmt.: Prevent Configuration Drift and Ensure Policy Compliance
     » Ensure that endpoint operating systems and applications are securely configured and in compliance with industry best practices and regulatory standards:
     • Security Configuration Management
     • Out-of-the-box Checklist Templates
     • NIST Validated Solution
     • Continuous Policy Assessment and Enforcement
     • Based on Open Standards for Easy Customization
     • Security Configuration and Posture Reporting
  21. 21. Lumension® Device Control: Policy-Based Data Protection and Encryption
     » Protect Data from Loss or Theft: Centrally enforce usage policies of all endpoint ports and for all removable devices / media.
     » Increase Data Security: Define forced encryption policy for data flows onto removable devices / media. Flexible exception management.
     » Improve Compliance: Centrally encrypt removable devices / media to ensure data cannot be accessed if they are lost or stolen.
     » Continuous Audit Readiness: Monitor all device usage and data transfers. Track all transferred files and content. Report on all data policy compliance and violations.
  22. 22. Lumension® Disk Encryption (powered by Sophos): Transparent Full Disk Encryption for PCs
     » Secures all data on endpoint hard drives
     » Provides single sign-on to Windows
     » Enforces secure, user-friendly pre-boot authentication (multi-factor, multi-user options)
     » Quickly recovers forgotten passwords and data (local self-help, challenge / response, etc.)
     » Automated deployment, management and auditing via L.E.M.S.S. (integrated version)
  23. 23. Defense-in-Depth with Lumension
     [Diagram labels: Network Access; Firewall Management; Anti-Malware; Patch and Configuration Management; Full Disk Encryption; Port / Device Control and Encryption; Physical Access]
  24. 24. Risk Management
     • Disparate Data Collection
     • Functional Silos
     • Non Standardized Processes
     [Diagram labels: HIPAA; SOX; PCI; Excel; Database; Manual Surveys; Business Processes; IT Resources; Password Policy; Character Length; Special Characters; Compliance; Risk]
  25. 25. More Information
     • Free Scanner: Discover All Removable Device Connected to Your Endpoints tools/device-scanner.aspx
     • Healthy Solution for Protecting Patient Data: Guarding Healthcare Information with Device Control and Data Encryption /Healthy-Solutions-for-Protecting-Patient-Data.aspx
     • Free Evaluation: Lumension® Data Protection
     • IT Pros’ Guide to Data Protection: Top 5 Tips for Securing Data in the Modern Age Busy-IT-Professionals-Guide-to-Data-Protection.aspx
  26. 26. Global Headquarters
     8660 East Hartford Drive, Suite 300, Scottsdale, AZ 85255
     1.888.725.7828
     info@lumension.com