How to Guard Healthcare Information with Device Control and Data Encryption

Today’s Agenda
• Current IT Security Challenges in Healthcare
• Answering IT Security Challenges in Healthcare
• Top 5 Recommendations: What You Can Do Now

Today’s Experts
• Eric Ogren, Founder & Principal Analyst, The Ogren Group
• Chris Merritt, Director of Solution Marketing, Lumension

Current IT Security Challenges in Healthcare

Data Breaches Still Occurring

[Chart: No. of Reported Breaches]

HHS Breach Database
• 435 incidents involving ~20M records
• Median impact = 2,184 records
• No breaches in Hawaii, Maine, Rhode Island, and Vermont
• Biggest impact on per capita basis: South Dakota and Virginia

In 2012, 27% of all respondents indicated their organization had a security breach in the past 12 months (up from 19% in 2010 and 13% in 2008); of those who reported a breach, 69 percent experienced more than one.

Data Breaches Still Occurring: Encryption Impact
• 70% of incidents and 86% of records
• $1.48B in “hard costs”

Stepped Up Enforcement

Audit Program On-going
• Published protocol: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html
• 20 audits complete; 95 remaining audits will occur in 2012
• Audits will continue in 2013
• Results to date: http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-2_lsanches_ocr-audit.pdf

Audit Issues by Area
• Conduct Risk Analysis (17)
• Grant Modify User Access (17)
• Incident Response (11)
• Contingency Planning (34)
• Media Reuse and Destruction (18)
• Encryption (10)
• User Activity Monitoring (46)
• Authentication / Integrity (19)
• Physical Access (9)

Observations
• Policies and Procedures
• Priority HIPAA Compliance Programs
• Conduct of Risk Assessment
• Managing third party risks

Next Steps based on the reviews
• Conduct a robust review & assessment
• Determine LoBs affected by HIPAA
• Map PHI flow within your organization, as well as flows to/from third parties
• Find all of your PHI
• See guidance available on OCR web site

Source: Linda Sanches (OCR), 2012 HIPAA Privacy and Security Audits (June 2012)

Meaningful Use

Stage 1
• Effective Feb-2012
• 10 steps to meaningful use by Eligible Practices
• Core Objective & Measure 15: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities
• Guidance available at http://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf

Stage 2
• Effective Jan-2014
• Encryption and auditable events are two key components of Stage 2 certification with regard to the security requirements.

Stage 3
• Final recommendations published by May-2013

Answering IT Security Challenges in Healthcare

Technology: Moving Faster Than HIPAA

An Aug 6, 2012 Google search on “HIPAA compliance virtualization” showed no hhs.gov sources on the first two pages.

[Diagram labels: Virtual Datacenter, Virtual Datacenter; DMZ, Web, PCI, HIPAA; Management]

Defense in Depth: Blend Different Approaches
• Vulnerability Management
• Data Protection
• Reputation/Behavior
• Audit
• Configuration/Device Control
• Attack Scanning

Process: Security for Security Sake Often Fails

People: Team Approaches Win
 • Involve business early and continually in process
     – look for “addressable” approaches where standards are evolving (e.g. BYOD, cloud)
     – document progress; review results and decisions
     – train IT staff and users on HIPAA disclosure rules
 • Audit everything – ingress and egress
     – you never know what you are going to need
 • Keep up on-going communications
     – Learn, learn, learn – you’ll be doing this again!

Top 5 Recommendations: What You Can Do Now

Lumension® Endpoint Management and Security Suite
Total Endpoint Protection

Endpoint Reporting Services

Endpoint Operations
• Lumension® Patch and Remediation
• Lumension® Content Wizard
• Lumension® Configuration Mgmt.
• Lumension® Power Management

Endpoint Security
• Lumension® AntiVirus
• Lumension® Application Control
• Lumension® Device Control
• Lumension® Disk Encryption

Lumension® Endpoint Management Platform
Single Server | Single Console | Scalable Architecture | Single, Modular Agent

Lumension® Patch and Remediation
Comprehensive and Secure Patch Management
» Provides rapid, accurate and secure patch and configuration management for applications and operating systems:
  • Comprehensive support for multiple OS types (Windows, *nix, Apple), native applications, and 3rd party applications
  • Streamline and centralize management of heterogeneous environments
  • Visibility and control of all online or offline endpoints
  • Elevate security posture and proactively reduce risk
  • Save time and cost through automation

Lumension® Security Configuration Mgmt.
Prevent Configuration Drift and Ensure Policy Compliance
» Ensure that endpoint operating systems and applications are securely configured and in compliance with industry best practices and regulatory standards:
  • Security Configuration Management
  • Out-of-the-box Checklist Templates
  • NIST Validated Solution
  • Continuous Policy Assessment and Enforcement
  • Based on Open Standards for Easy Customization
  • Security Configuration and Posture Reporting

Lumension® Device Control
Policy-Based Data Protection and Encryption
» Protect Data from Loss or Theft: Centrally enforce usage policies of all endpoint ports and for all removable devices / media.
» Increase Data Security: Define forced encryption policy for data flows onto removable devices / media. Flexible exception management.
» Improve Compliance: Centrally encrypt removable devices / media to ensure data cannot be accessed if they are lost or stolen.
» Continuous Audit Readiness: Monitor all device usage and data transfers. Track all transferred files and content. Report on all data policy compliance and violations.

Lumension® Disk Encryption (powered by Sophos)
Transparent Full Disk Encryption for PCs
» Secures all data on endpoint hard drives
» Provides single sign-on to Windows
» Enforces secure, user-friendly pre-boot authentication (multi-factor, multi-user options)
» Quickly recovers forgotten passwords and data (local self-help, challenge / response, etc.)
» Automated deployment, management and auditing via L.E.M.S.S. (integrated version)

Defense-in-Depth with Lumension
• Network Access
• Firewall Management
• Anti-Malware
• Patch and Configuration Management
• Full Disk Encryption
• Port / Device Control and Encryption
• Physical Access

Risk Management
[Diagram labels: Disparate Data Collection; Functional Silos; Non Standardized Processes; HIPAA, SOX, PCI; Excel, Database, Manual Surveys; Business Processes, IT Resources; Password Policy: Character Length, Special Characters; Compliance; Risk]

More Information

Free Scanner: Discover All Removable Device Connected to Your Endpoints
http://www.lumension.com/resources/security-tools/device-scanner.aspx

Free Evaluation: Lumension® Data Protection
http://www.lumension.com/data-protection/data-protection-software/free-trial.aspx

Healthy Solution for Protecting Patient Data: Guarding Healthcare Information with Device Control and Data Encryption
http://www.lumension.com/Resources/WhitePapers/Healthy-Solutions-for-Protecting-Patient-Data.aspx

IT Pros’ Guide to Data Protection: Top 5 Tips for Securing Data in the Modern Age
http://www.lumension.com/Resources/Whitepapers/Busy-IT-Professionals-Guide-to-Data-Protection.aspx

Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255

1.888.725.7828
info@lumension.com
http://blog.lumension.com
