Kareo’s Security Team, Jesse Salmon (Information Security Manager) and Tim Nabhani (Security Architect), will go over some of the biggest risks and misconceptions in data security as it relates to the cloud. They will also share some key security measures to look for when evaluating a cloud-based solution.
Addressing the Data Security Risks of Cloud-Based Software
1. webinar
Tim Nabhani & Jesse Salmon August 21, 2019
2. kareo.com
Agenda
• Welcome & Introductions
• Data Security Overview
• On-Premise Data Security Best Practices
• Cloud Data Security Measures
• General Data Security Best Practices
• How Kareo Can Help
• Your Questions
3. How to Participate Today
Type your questions
Download today’s resources
View today’s presentation
4. Connect via Social
twitter.com@GoKareo
facebook.com/GoKareo
linkedin.com/company/kareo
5. Kareo and PAHCOM
• PAHCOM has approved 1 CEU credit
• You’ll be asked at the end of the webinar if you want a CEU certificate
• Certificates will be emailed within the next few days
• Attendees must be logged into the webinar to receive credit
Supporting Your Professional Development
6. Speakers
Tim Nabhani
Tim Nabhani is an Information Security Architect at Kareo. He is responsible for developing solutions to meet Kareo's strategic security initiatives. He has earned his Master's in Computer Science from Cal State Long Beach, along with various Information Security certifications such as CISSP and GPEN, and has over a decade's worth of experience in building and securing technology solutions.
Jesse Salmon
Jesse Salmon leads Kareo’s Information Security Team, which maintains technical safeguards to protect patient data. He got his start in Information Security while attached to the 1st Marine Expeditionary Force, serving as an information assurance team lead. While deployed, Jesse learned the importance of measuring and incrementally improving security controls. Taking these skills to the private sector, Jesse consulted for Fortune 500 companies, providing services around Identity and Access Management, PCI compliance and threat detection.
8. Why is Security Important?
Bad Guys want to steal your data
• For Profit
• Fullz
• State Actors
• Corporate Espionage
• Hacktivists
Legal Requirements
• HIPAA / HITECH
9. Where to Store your Data?
Storing your data in the cloud vs. storing your data on a company server
- How does it work?
- How is data securely stored?
10. The Myths
1. “My data is stored in the cloud so I don’t need to back it up.”
2. “Because my data is stored in the cloud, it is being used securely.”
3. “The free software I’m using is truly free.”
4. “The cloud is new technology and can’t be trusted.”
5. “My on-premise servers are more secure than the cloud.”
13. Protecting Your Servers by Prevention
Security measures must be taken to protect information from unauthorized modification, destruction, or disclosure, whether accidental or intentional.
Secure Your Network
• Hide and protect your WiFi
Protect the Perimeter
• Enable firewall protection at work
Invest in Tools
• AntiVirus
Update
• Install latest patches
14. Protecting Your Servers through Detection
The most important element is timely detection and notification of an attack.
Physical Security
• Lock all filing cabinets and check that they are still locked
• Closed circuit cameras
Monitoring and Logging
• Log all events in case of an investigation
• Deploy sensors throughout your network
• Commonly found in endpoint security software
15. Protecting Your Servers with your Response
Making important decisions or developing policy while under attack is a recipe for disaster.
This process is extremely important due to the lessons learned.
Test Your Security
• Penetration testing
• Virtual fire drills
Disaster Recovery
• Planning
• Testing
• Updating
17. HIPAA Requirements
A BAA (Business Associate Agreement) between you and your software provider clarifies responsibilities in the event of a data breach
• Unless otherwise stated, the provider (you) is fully responsible for the protection/safety of all patient information
20. Questions to Ask
Certifications?
HITRUST
• Highest healthcare security standard possible
• Provides evidence that security systems are audited by independent 3rd party
Reports?
SOC2 Type 2 Report
• Rigorous proof and test of existing controls
22. Training Your Staff
Think Before You Click
• If you’re not expecting it, don’t click it
• No pop-ups or unknown emails/links
Multiple Strong Keys
• Use a strong password and update it regularly
• Use a second factor to authenticate
23. Free is not Free
Free Browser Plugins are Dangerous
• Read your cookies
• See the URLs you access
• Access files on your computer
• See your web requests
Free Software is NOT Free
• You’re probably paying with data instead of money
• Giving others access to data puts you and your patients at risk
Advertisements can carry viruses
• New type of malware carried through ads, called malvertising
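An added example, not part of the original slides: a Python check that maps the permissions a browser extension requests in its manifest.json to the plugin capabilities listed on this slide. The permission names are standard WebExtension manifest permissions; the sample manifest and the function name `audit_manifest` are constructed for illustration.

```python
import json

# WebExtension manifest permissions mapped to the capabilities on the slide.
API_RISKS = {
    "cookies": "read your cookies",
    "tabs": "see the URLs you access",
    "history": "see the URLs you access",
    "webRequest": "see your web requests",
}
# Host patterns that cover every site (a category added here, not on the slide).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest_text):
    """Return a sorted list of risky capabilities the extension requests."""
    manifest = json.loads(manifest_text)
    requested = []
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested.extend(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts are injected into every page their "matches" patterns cover.
    for script in manifest.get("content_scripts", []):
        requested.extend(script.get("matches", []))

    findings = set()
    for perm in requested:
        if perm in API_RISKS:
            findings.add(API_RISKS[perm])
        elif perm.startswith("file://"):
            findings.add("access files on your computer")
        elif perm in BROAD_HOSTS:
            findings.add("read and change pages on every site")
    return sorted(findings)


# Constructed sample manifest for a hypothetical free extension.
SAMPLE = json.dumps({
    "name": "Free Coupon Finder (constructed sample)",
    "manifest_version": 2,
    "permissions": ["cookies", "tabs", "webRequest", "<all_urls>", "storage"],
    "content_scripts": [{"matches": ["file:///*"], "js": ["c.js"]}],
})

if __name__ == "__main__":
    for capability in audit_manifest(SAMPLE):
        print("requests ability to:", capability)
```

Run it against the manifest.json of any extension before approving it for office workstations; an empty result means none of these permissions were requested.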
25. Awards and Rankings
Growth Awards
The speed at which medical practices are moving to Kareo and referring it to other providers.
Software Reviews and Rankings
3rd party recognition, driven by direct customer feedback, equals trust and credibility.