The document outlines a roadmap for healthcare security focusing on BYOD (Bring Your Own Device) challenges and solutions. It highlights the significant risks of data breaches in healthcare, particularly through mobile devices, and emphasizes the importance of technical safeguards like access control, audit control, and encryption. The use of Virtual Mobile Infrastructure (VMI) is proposed as a solution to centralize app management and enhance security while meeting compliance requirements.

1. Your Roadmap to Healthcare
Security and BYOD

2. Healthcare Security
Checklist
Protect PHI
 Mitigate BYOD risks
 Apply dual factor
authentication
 Encrypt PHI data
Develop repeatable
processes for compliance
Implement procedures
and technologies

3. Healthcare Security Risks
96% of healthcare providers
had one or more data
breaches in the past 2 years1
1 Dell Secureworks
2 2014 Healthcare Breach Report.
Data Loss
68% of healthcare breaches are due to lost or
stolen mobile devices or files2
Impact of BYOD

4. BYOD: A Reality for Healthcare Providers
 Healthcare IT is already rolling out mobile apps
to improve productivity and patient care
– 2 out of 5 doctors already use mobile devices
during consultations1
 Yet mobility also presents a threat…
– 3.1M smartphones were stolen
in the U.S. in 20131
Source: Dell SecureWorks

5. Top Mobile Risks for Healthcare
Lost mobile devices
Stolen mobile devices
Downloading of viruses and malware
Unintentional disclosure to unauthorized users
Unsecure Wi-fi networks
Source: HealthIT.gov, Mobile Devices: Know the Risks

6. 5 Pillars of Healthcare Security
Technical safeguards defined by the U.S. Department of Health & Human Services
Access Control
Audit
Control
Transmission
Security
Integrity
Person or
Entity
Authentication
1.Access Control: Limit users rights to
business need-to-know
– Unique User Identification
– Emergency Access Procedure
– Automatic Logoff
– Encryption and Decryption

7. Access Control
Audit
Control
2. Audit Control: Implement hardware,
software, or procedural mechanisms that
record and examine access to ePHI
5 Pillars of Healthcare Security
Technical safeguards defined by the U.S. Department of Health & Human Services
Transmission
Security
Integrity
Person or
Entity
Authentication

8. 5 Pillars of Healthcare Security
Technical safeguards defined by the U.S. Department of Health & Human Services
Access Control
Audit
Control
Transmission
Security
Integrity
Person or
Entity
Authentication
3. Integrity: Implement policies and
procedures to protect ePHI from
improper alteration or destruction

9. 5 Pillars of Healthcare Security
Technical safeguards defined by the U.S. Department of Health & Human Services
Access Control
Audit
Control
Transmission
Security
Integrity
Person or
Entity
Authentication
4. Person or Entity Authentication: Verify that
users seeking access to ePHI are who they
say they are
– Biometric, smartcard, pin/passcode, token

10. 5 Pillars of Healthcare Security
Technical safeguards defined by the U.S. Department of Health & Human Services
Access Control
Audit
Control
Transmission
Security
Integrity
Person or
Entity
Authentication
5. Transmission Security: Prevent
unauthorized access to ePHI that is being
transmitted over a network.
– Integrity: Prevent modification or tampering of
ePHI data in transit
– Encryption: Encrypt ePHI whenever appropriate

11. BYOD Challenges the 5 Pillars of Security
Transmission
Security
Person or
Entity
Authentication
Audit ControlAccess Control Integrity
Difficult to
audit mobile
activity since
doctors may
share PHI with
patients via
email or text
messaging
apps
Every app may
have different
authentication
methods; they
may not
support
biometric or
PIN/passcode
methods
Mobile apps
may not use
stringent SSL
ciphers or
even encrypt
data at all
IT must define
distinct
policies for
different
users, mobile
apps and
devices—a
management
nightmare
Controls must
be applied to
prevent
accidental
deletion or
alteration of
PHI from
mobile
devices

12. Risks of Uncontrolled Devices
Weak
Encryption
No support for
strong
authentication
Unpatched
application
Stores PHI on
phone
No auditing of
user access
Unpatched
phone OS
In violation of HIPAA compliance requirements

13. IT Management and Training
 IT will likely need to help doctors install mobile apps
– They may also need to assist users through upgrades
 If apps vary by device, IT will need to provide separate
app training for Apple, Android, Microsoft or HTML5
users

14. Mobile Device Management Not Working
20% of enterprise BYOD programs will fail due
to MDM measures that are too restrictive.1
1 2014 MDM research report by ESG
2 2014 Employee BYOD Survey by Zixcorp
3 Gartner 2014 Mobility Predictions; original quote spelled out BYOD and MDM.
For IT TeamsFor Employees
43% worry that employers could
access personal data2
30% are concerned their employer
could control their personal device2
30% say MDM is
more difficult to use
than they anticipated1

15. VDI Isn’t the Solution for BYOD
Expensive
VDI Shortcomings
– Not designed for touch
– No multimedia redirection
– No access to camera,
printer, video, GPS
Total cost for Microsoft
VDI, Citrix, and hardware
is $1,000+ per user1
Not designed for
cellular edge, 3G
networks
1 Microsoft Desktop OS $187 per user, Citrix $300/user
Requires High
Bandwidth
Designed for
Windows

16. Virtual Mobile
Infrastructure
The Roadmap for Healthcare
Security Requires…

17. Virtual Mobile Infrastructure (VMI)
VMI is a service that hosts mobile apps or full
operating systems on remote servers
Provide remote access to:
 Android, Apple iOS and Windows
Phone with client apps
 Any HTML 5-enabled device
Centralize app management to:
 Eliminate need to install and
upgrade apps on every device

18. VMI Benefits for Healthcare Providers
Stop data loss by
preventing users from
downloading data to
their device
Lower IT costs by
eliminating mobile app
management per device
Extend mobile access to
all users and devices
with a HTML5 browser
Meet compliance by
monitoring data access

19. SierraVMI Keeps PHI Data Safe
SierraVMI Shields
Healthcare Data
4096-bit ECDHE
Encryption
Dual factor
authentication
SierraVMI:
• Records healthcare app access
• Stores app data securely in the data center
• IT can centrally upgrade mobile apps
Medical
professional

20. SierraVMI Deployment
SierraVMI hosted in
Secure Data Center
Authentication
Server
Laptop
Tablet
Phone
Databases with
PHI data

21. Mobile App Virtualization Architecture
Android VM Kernel
Multi-User Android Runtime
VMI Security
Gateway
Pharma
App
Patient
Messaging
App
PHI
App
Clients
Authentication
Server
Benefits
 Very high density
 Apps can share resources like CPU
 Easy to manage
 No need for expensive storage
Firefall containerFirefall containerFirefall container

22. Monitor User and Application Activity
 Dashboard of
system status
 Detailed logs
of user activity
 Geo-tracking

23. User Monitoring
 Record user
sessions for
forensics
 Allow admins
to view up to 8
active sessions

24. Prevent Data Loss
 Watermarking deters users
from photographing screens
– Watermark all content including
documents, video, pictures with
no additional overhead
 Anti-screen capture prevents
users from taking screenshots
 With VMI, no data is
downloaded to the phone
– Users cannot copy and paste text

25. Strong Authentication
Prevent unauthorized access with:
– Client certificates
– One-time password (sent via text message)
– Restricting access based on geographic location
– Brute force login protection
Ensure only legitimate users
access your data

26. Single Sign-on to Streamline Management
 Integrate with LDAP, Active
Directory or SAML
 Access email, calendar,
contacts, and business apps
without needing to re-
authenticate
 Automate app provisioning
 Reduce IT helpdesk calls due
to forgotten passwords
 Improve user experience by
eliminating extra login steps
IT Cost ReductionDirectory Services Integration

27.  Centralized data storage
 Prevent data loss from device theft
 Centralized patch management
 Eliminate concerns of devices with vulnerable or unpatched software
 Regularly scan Android server for viruses and vulnerabilities
Simplify and Secure Mobile App Management

28. SierraVMI Benefits for Healthcare
Compliance: Ensure privacy and
prevent data loss
Security: Strong authentication,
4096-bit encryption
Scalability: High user density, high
performance

29. www.sierraware.com
Click now to
view SierraVMI