Are you taking the necessary precautions to ensure your data is safe? In this information-packed webinar, Kareo’s Security Team will discuss the current climate of the healthcare industry with regard to data security, common misconceptions about using cloud-based software, and best practices to implement in your daily workflow to ensure your data is safe.
Join Jesse Salmon (Information Security Manager) and Tim Nabhani (Security Architect) as they review:
- Why cyber attackers are targeting the healthcare industry
- Common security myths about using cloud-based systems
- Key security differences between cloud and on-premise data storage
- Key security controls to look for when considering a cloud-based solution
- Some security best practices to implement in your daily workflow to protect your data and your business
Don’t wait until it’s too late. Now more than ever, it’s important that both independent practices and billing companies take extra precautions to ensure their data and their business are secure.
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
1. Webinar: Addressing the Data Security Risks of Cloud-Based Software
Tim Nabhani & Jesse Salmon, October 10, 2019
2. kareo.com
Agenda
• Welcome & Introductions
• Data Security Overview
• On-Premise Data Security Best Practices
• Cloud Data Security Measures
• General Data Security Best Practices
• Conclusion
3. Speakers
Tim Nabhani
Tim Nabhani is an Information Security Architect at Kareo. He is responsible for developing solutions to meet Kareo's strategic security initiatives. He has earned his Master's in Computer Science from Cal State Long Beach, along with various Information Security certifications such as CISSP and GPEN, and has over a decade's worth of experience in building and securing technology solutions.
Jesse Salmon
Jesse Salmon leads Kareo’s Information Security Team, which maintains technical safeguards to protect patient data. He got his start in Information Security while attached to the 1st Marine Expeditionary Force, serving as an information assurance team lead. While deployed, Jesse learned the importance of measuring security controls and improving them incrementally. Taking these skills to the private sector, Jesse consulted for Fortune 500 companies, providing services around Identity and Access Management, PCI compliance and threat detection.
5. Why is Security Important?
Bad Guys want to steal your data
• For Profit
• Fullz
• State Actors
• Corporate Espionage
• Hacktivists
Legal Requirements
• HIPAA / HITECH
6. Where to Store your Data?
Storing your data in the cloud vs. storing your data on a company server
- How does it work?
- How is data securely stored?
7. The Myths
1. “My data is stored in the cloud so I don’t need to back it up.”
2. “Because my data is stored in the cloud, it is being used securely.”
3. “The free software I’m using is truly free.”
4. “The cloud is new technology and can’t be trusted.”
5. “My on-premise servers are more secure than the cloud.”
10. Protecting Your Servers by Prevention
Security measures must be taken to protect information from unauthorized modification, destruction, or disclosure, whether accidental or intentional.
Secure Your Network
• Hide and protect your WiFi
Protect the Perimeter
• Enable firewall protection at work
Invest in Tools
• AntiVirus
Update
• Install latest patches
11. Protecting Your Servers through Detection
The most important element is timely detection and notification of an attack
Physical Security
• Lock all filing cabinets and check that they are still locked
• Closed circuit cameras
Monitoring and Logging
• Log all events in case of an investigation
• Deploy sensors throughout your network
• Commonly found in endpoint security software
12. Protecting Your Servers with your Response
Making important decisions or developing policy while under attack is a recipe for disaster.
This process is extremely important due to the lessons learned.
Test Your Security
• Penetration testing
• Virtual fire drills
Disaster Recovery
• Planning
• Testing
• Updating
14. HIPAA Requirements
BAA (Business Associate Agreement) between you and your software provider clarifies responsibilities in the event of a data breach
• Unless otherwise stated, the provider (you) is fully responsible for the protection/safety of all patient information
17. Questions to Ask
Certifications?
HITRUST
• Highest healthcare security standard possible
• Provides evidence that security systems are audited by independent 3rd party
Reports?
SOC2 Type 2 Report
• Rigorous proof and test of existing controls
19. Training Your Staff
Think Before You Click
• If you’re not expecting it, don’t click it
• No pop-ups or unknown emails/links
Multiple Strong Keys
• Use a strong password and update it regularly
• Use a second factor to authenticate
20. Free is not Free
Free Browser Plugins are Dangerous
• Read your cookies
• See the URLs you access
• Access files on your computer
• See your web requests
Free Software is NOT Free
• You’re probably paying with data instead of money
• Giving others access to data puts you and your patients at risk
Advertisements can carry viruses
• New type of malware carried through ads, called malvertising