Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD

Simplifying BYOD deployments while satisfying HIPAA and other healthcare regulations. Virtual Mobile Infrastructure with strong biometric authentication and 4096-bit encryption. Android-based VDI for mobile security.

  1. Your Roadmap to Healthcare Security and BYOD
  2. Healthcare Security Checklist
     - Protect PHI
       - Mitigate BYOD risks
       - Apply dual factor authentication
       - Encrypt PHI data
     - Develop repeatable processes for compliance
     - Implement procedures and technologies
  3. Healthcare Security Risks
     - 96% of healthcare providers had one or more data breaches in the past 2 years (1)
     - Data Loss / Impact of BYOD: 68% of healthcare breaches are due to lost or stolen mobile devices or files (2)
     - Sources: (1) Dell SecureWorks; (2) 2014 Healthcare Breach Report
  4. BYOD: A Reality for Healthcare Providers
     - Healthcare IT is already rolling out mobile apps to improve productivity and patient care
       - 2 out of 5 doctors already use mobile devices during consultations (1)
     - Yet mobility also presents a threat…
       - 3.1M smartphones were stolen in the U.S. in 2013 (1)
     - Source: (1) Dell SecureWorks
  5. Top Mobile Risks for Healthcare
     - Lost mobile devices
     - Stolen mobile devices
     - Downloading of viruses and malware
     - Unintentional disclosure to unauthorized users
     - Unsecure Wi-Fi networks
     - Source: HealthIT.gov, Mobile Devices: Know the Risks
  6. 5 Pillars of Healthcare Security
     - Technical safeguards defined by the U.S. Department of Health & Human Services: Access Control, Audit Control, Integrity, Person or Entity Authentication, Transmission Security
     - 1. Access Control: Limit users' rights to business need-to-know
       - Unique User Identification
       - Emergency Access Procedure
       - Automatic Logoff
       - Encryption and Decryption
  7. 5 Pillars of Healthcare Security
     - 2. Audit Control: Implement hardware, software, or procedural mechanisms that record and examine access to ePHI
  8. 5 Pillars of Healthcare Security
     - 3. Integrity: Implement policies and procedures to protect ePHI from improper alteration or destruction
  9. 5 Pillars of Healthcare Security
     - 4. Person or Entity Authentication: Verify that users seeking access to ePHI are who they say they are
       - Biometric, smartcard, PIN/passcode, token
  10. 5 Pillars of Healthcare Security
     - 5. Transmission Security: Prevent unauthorized access to ePHI that is being transmitted over a network
       - Integrity: Prevent modification or tampering of ePHI data in transit
       - Encryption: Encrypt ePHI whenever appropriate
  11. BYOD Challenges the 5 Pillars of Security
     - Audit Control: Difficult to audit mobile activity since doctors may share PHI with patients via email or text messaging apps
     - Person or Entity Authentication: Every app may have different authentication methods; they may not support biometric or PIN/passcode methods
     - Transmission Security: Mobile apps may not use stringent SSL ciphers or even encrypt data at all
     - Access Control: IT must define distinct policies for different users, mobile apps and devices, a management nightmare
     - Integrity: Controls must be applied to prevent accidental deletion or alteration of PHI from mobile devices
  12. Risks of Uncontrolled Devices
     - Weak encryption
     - No support for strong authentication
     - Unpatched application
     - Stores PHI on phone
     - No auditing of user access
     - Unpatched phone OS
     - In violation of HIPAA compliance requirements
  13. IT Management and Training
     - IT will likely need to help doctors install mobile apps
       - They may also need to assist users through upgrades
     - If apps vary by device, IT will need to provide separate app training for Apple, Android, Microsoft or HTML5 users
  14. Mobile Device Management Not Working
     - 20% of enterprise BYOD programs will fail due to MDM measures that are too restrictive. (1)
     - For Employees
       - 43% worry that employers could access personal data (2)
       - 30% are concerned their employer could control their personal device (2)
     - For IT Teams
       - 30% say MDM is more difficult to use than they anticipated (1)
     - Sources: (1) 2014 MDM research report by ESG; (2) 2014 Employee BYOD Survey by Zixcorp; (3) Gartner 2014 Mobility Predictions; original quote spelled out BYOD and MDM.
  15. VDI Isn’t the Solution for BYOD
     - Expensive: Total cost for Microsoft VDI, Citrix, and hardware is $1,000+ per user (1)
     - Requires High Bandwidth: Not designed for cellular edge, 3G networks
     - Designed for Windows
     - VDI Shortcomings
       - Not designed for touch
       - No multimedia redirection
       - No access to camera, printer, video, GPS
     - (1) Microsoft Desktop OS $187 per user, Citrix $300/user
  16. Virtual Mobile Infrastructure: The Roadmap for Healthcare Security Requires…
  17. Virtual Mobile Infrastructure (VMI)
     - VMI is a service that hosts mobile apps or full operating systems on remote servers
     - Provide remote access to:
       - Android, Apple iOS and Windows Phone with client apps
       - Any HTML5-enabled device
     - Centralize app management to:
       - Eliminate need to install and upgrade apps on every device
  18. VMI Benefits for Healthcare Providers
     - Stop data loss by preventing users from downloading data to their device
     - Lower IT costs by eliminating mobile app management per device
     - Extend mobile access to all users and devices with an HTML5 browser
     - Meet compliance by monitoring data access
  19. SierraVMI Keeps PHI Data Safe
     - SierraVMI Shields Healthcare Data
     - 4096-bit ECDHE Encryption
     - Dual factor authentication
     - SierraVMI:
       - Records healthcare app access
       - Stores app data securely in the data center
       - IT can centrally upgrade mobile apps
     - Diagram label: Medical professional
  20. SierraVMI Deployment
     - Diagram labels: SierraVMI hosted in Secure Data Center; Authentication Server; Laptop; Tablet; Phone; Databases with PHI data
  21. Mobile App Virtualization Architecture
     - Diagram labels: Android VM Kernel; Multi-User Android Runtime; VMI Security Gateway; Pharma App; Patient Messaging App; PHI App; Clients; Authentication Server; Firefall container (three instances)
     - Benefits
       - Very high density
       - Apps can share resources like CPU
       - Easy to manage
       - No need for expensive storage
  22. Monitor User and Application Activity
     - Dashboard of system status
     - Detailed logs of user activity
     - Geo-tracking
  23. User Monitoring
     - Record user sessions for forensics
     - Allow admins to view up to 8 active sessions
  24. Prevent Data Loss
     - Watermarking deters users from photographing screens
       - Watermark all content including documents, video, pictures with no additional overhead
     - Anti-screen capture prevents users from taking screenshots
     - With VMI, no data is downloaded to the phone
       - Users cannot copy and paste text
  25. Strong Authentication
     - Prevent unauthorized access with:
       - Client certificates
       - One-time password (sent via text message)
       - Restricting access based on geographic location
       - Brute force login protection
     - Ensure only legitimate users access your data
  26. Single Sign-on to Streamline Management
     - Directory Services Integration
       - Integrate with LDAP, Active Directory or SAML
       - Access email, calendar, contacts, and business apps without needing to re-authenticate
     - IT Cost Reduction
       - Automate app provisioning
       - Reduce IT helpdesk calls due to forgotten passwords
       - Improve user experience by eliminating extra login steps
  27. Simplify and Secure Mobile App Management
     - Centralized data storage
       - Prevent data loss from device theft
     - Centralized patch management
       - Eliminate concerns of devices with vulnerable or unpatched software
       - Regularly scan Android server for viruses and vulnerabilities
  28. SierraVMI Benefits for Healthcare
     - Compliance: Ensure privacy and prevent data loss
     - Security: Strong authentication, 4096-bit encryption
     - Scalability: High user density, high performance
  29. www.sierraware.com: Click now to view SierraVMI