healthcare information security secure sensitive communications within the uw medical school
DESCRIPTION
TRANSCRIPT
![Page 1: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/1.jpg)
Using Digital Certificates to Secure Sensitive Communications Within the UW Medical School
Nicholas Davis – DoIT MiddlewareMarch 1, 2010
![Page 2: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/2.jpg)
Overview• Old business processes vs. new
business processes• Protecting your electronic identity• Email security• Digital certificates defined• What digital certificates can do for
your department• How digital certificates can help
your increase security• Questions• Next Steps
![Page 3: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/3.jpg)
Old vs. New Business Processes• UW-Madison has
historically relied upon manual business processes
• Transcripts, HR Data, Contracts, Research Data, Health Information, Financial and Accounting Information—all kept on paper
• Physically secure• Difficult to access,
replicate and distribute
![Page 4: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/4.jpg)
Old vs. New Business Processes
• As the amount of information we manage has increased, we have turned to electronic information systems to help us organize and disseminate information in a more efficient manner
![Page 5: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/5.jpg)
Old vs. New Business Processes
• Today, we send official documents as email attachments
• We send email and documents to group mail lists
• Access to information is much greater than it was in the days of manual processes
• With new technologies there are new threats
![Page 6: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/6.jpg)
Protecting Your Personal Identity
• When you send a document, how does the receiver know it came from you?
• When you send an electronic document, wouldn’t you want the same assurance?
![Page 7: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/7.jpg)
Email Security
• How secure is the email you sent this morning?
• What happens to an email once you click the “send” button?
• Network, Intermediary Servers, Receiving Email Server, End Users Workstations
• Laptops!
![Page 8: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/8.jpg)
Digital Certificates Defined• A digital certificate is NOT a software
application• A digital certificate is an “electronic
passport”, with special added features• Proves your identity• Allows you to protect your information
with encryption• Functionality already built into
existing applications on your computer
![Page 9: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/9.jpg)
What Digital Certificates Can Do For Your Department
• Provide proof of document or email message authorship
• Proves that the document (Word, Excel, PDF, Powerpoint) came from you
• Proves that the document has not been altered from original form
![Page 10: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/10.jpg)
Example
![Page 11: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/11.jpg)
Example
![Page 12: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/12.jpg)
Encryption• Protects your email from being
read and/or altered from the moment it leaves your computer
• Simple as “click and send”• In order to receive encrypted
email, you must have a digital certificate
• In order for encryption to work bi-directionally, both users must have digital certificates
![Page 13: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/13.jpg)
Example
![Page 14: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/14.jpg)
If The Encrypted Email Is Intercepted
![Page 15: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/15.jpg)
Uses
• Signing documents (and email) to prove authorship
• Encrypting sensitive emails and attachments
![Page 16: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/16.jpg)
Think About ThisCould cause harm in
a critical situationCase Scenario
Multiple hoax emails sent with Chancellor’s name and email. When real crisis arrives, people might not believe the warning.
It is all about trust!
![Page 17: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/17.jpg)
Case Scenarios To Be Avoided
• HR related email concerning Nicholas Davis is intercepted by someone on the campus network and sent to newspaper
• Laptop containing spreadsheet with SSNs of all UW faculty is stolen at Moscow airport.
![Page 18: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/18.jpg)
The Technology Is Trustworthy• X.509 is the industry standard• Used by many Federal
Government agencies and Universities around the world
• Used in all Western European passports
• Used by GE, Raytheon, J&J, P&G
![Page 19: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/19.jpg)
The Technology Is Managed• DoIT generates, distributes,
supports and manages the digital certificate program
• Our certificates are provided by Verisign, the most widely trusted issuer of digital certificates
• We keep copies—just in case
![Page 20: Healthcare information security secure sensitive communications within the uw medical school](https://reader036.vdocuments.us/reader036/viewer/2022081414/54b8de8b4a795950148b4608/html5/thumbnails/20.jpg)
Questions, Comments• Nicholas Davis• [email protected] (info)• [email protected] (support)