healthcare mobility secuirty

Download Healthcare Mobility Secuirty

Post on 05-Apr-2018

222 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • 8/2/2019 Healthcare Mobility Secuirty

    1/23

    March 29th 2012

    Presented by:

    David Anteliz, Network Services Director

    Healthcare Mobile Security

  • 8/2/2019 Healthcare Mobility Secuirty

    2/23

    Mobility Boom In Healthcare

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

    The healthcare industry is going through a transformational period.

    Mobility, bring your own device (BYOD), and the explosion of medical-

    specific devices and applications are driving the way patient data and

    clinical systems are accessed, transmitted, and delivered. Electronic

    Medical Records (EMRs) and Electronic Health Records (EHRs) are further

    driving the volume of data as patient files, x-rays, lab results, and other

    sensitive medical records are transmitted across the network. Today, nearly

    one-third of healthcare providers use mobile devices to access EMRs or

    EHRs. Driving this demand are sophisticated and robust applications. The

    digitalizing of sensitive patient data is well underway, and this is making

    new care models possibleas collaboration, telemedicine, and electronic

    health initiatives transform healthcare delivery and outcomes

  • 8/2/2019 Healthcare Mobility Secuirty

    3/23

    HIPAA Privacy Rule

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

    What Information is Protected

    Protected Health Information. The Privacy Rule protects all "individually identifiable

    health information"held or transmitted by a covered entity or its business associate,

    in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this

    information "protected health information (PHI)."12

    Individually identifiable health information is information, including demographicdata, that relates to:

    the individuals past, present or future physical or mental health or condition,

    the provision of health care to the individual, or

    the past, present, or future payment for the provision of health care to the

    individual,

    and that identifies the individual or for which there is a reasonable basis to believe it

    can be used to identify the individual.13 Individually identifiable health informationincludes many common identifiers (e.g., name, address, birth date, Social Security

    Number).

  • 8/2/2019 Healthcare Mobility Secuirty

    4/23

    Healthcare Industry Challenges

    Data Access anytime anywhere by practitioners, (clinicians,physicians, nurses, etc..)

    Access to sensitive data (patient records) across public services

    Applications galore using myriad of devices to access sensitive

    data

    BYOD Bring your own device is now becoming acceptable in the

    industry

    Provisioning Management- who has an idea of how many

    unauthorized and authorized devices are on the network

    Content security, who has access to what? And When?

    Security- thought to be adequate and scalable using currenttechniques and methods

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

  • 8/2/2019 Healthcare Mobility Secuirty

    5/23

    Cloud Use In Healthcare

    SAAS for application access

    Virtualized environments

    Hosted or Self Service

    What security model should cloud usage follow

    Similar to Datacenter but still different

    Multiple security mechanisms, to much to manage, how

    do you maintain policy in a cohesive state when

    multiple parties are involved.?

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

  • 8/2/2019 Healthcare Mobility Secuirty

    6/23

    Common goals include:

    1. Additional Capacity How much capacity

    do we need during normal and peak times?

    2. Improved End-User ExperienceWhat performance

    goals are we trying to deliver against?

    3. Greater ElasticityHow quickly can the provider we

    select ramp up to meet our needs?4. Flexible BurstingHow fast do we need to be able to

    access additional capacity?

    Align Security goals across your organization

    Mobility in the cloud?

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

  • 8/2/2019 Healthcare Mobility Secuirty

    7/23

    1. Device Agnostic providing security at the user profile

    level

    2. Easy to use- provide SSO and access from any device

    3. Application Control- unfettered access to all

    applications should be discouraged and monitored

    4. Access control, controlling access at the edge

    establishing access control to remote data points

    Healthcare Mobility Security

    What Should it be

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

  • 8/2/2019 Healthcare Mobility Secuirty

    8/23

    Hardware, software, what is required?

    Device agnostic client for access and profile

    management.

    Client Security gateway for profile management andclient termination.

    Firewall for policy enforcement and security zone

    segregation.

    SSL VPN for remote user access and provisioning of

    access to remote nets, services, based on roles.

    UAC- unified access control for security policy

    enforcement

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

    Healthcare Mobility Security

  • 8/2/2019 Healthcare Mobility Secuirty

    9/23

    Healthcare Mobility Security

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

  • 8/2/2019 Healthcare Mobility Secuirty

    10/23

    Things to consider:

    Use alternative credential

    schema(token, cert)

    Completely control password

    policies Implement internal password

    reset

    Perform anomaly detection on

    login attempts

    Place the portal behind VPN

    Access control

    Endpoint management

    Recommendations:

    Strong policies on quality and

    rotation

    Employee education is key

    Never re-use credentials Anti-Phishing techniques

    Use off-site SSO if available

    Consider additional restrictions

    using VPN

    Map to what protections you had

    Healthcare Mobility Security.

    Securing the Cloud January 24th 2012 Welcome to Smart Technology.

  • 8/2/2019 Healthcare Mobility Secuirty

    11/23

    You will likely run into the following

    problems:

    Healthcare Mobility Security January 28th2012 Welcome to Smart Technology.

    Healthcare Mobility Security

    Not ready ?

  • 8/2/2019 Healthcare Mobility Secuirty

    12/23

    1) Static, manual configuration and

    management of your remote user and

    mobile devices and securityinfrastructure will probably not scale

    with demand.

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

    Healthcare Mobility Security.

  • 8/2/2019 Healthcare Mobility Secuirty

    13/23

    2) Frustrated user base, poor

    performance will lead to scraping

    security initiatives and possibly tablefuture ones

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

    Healthcare Mobility Security.

  • 8/2/2019 Healthcare Mobility Secuirty

    14/23

    3) Security compromises, creating anatmosphere of workarounds and poor

    adoption rates will only serve to

    reduce the effectiveness of the newly

    installed solution and reduce its ROI

    Big reason for failed security projects

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

    Healthcare Mobility Security.

  • 8/2/2019 Healthcare Mobility Secuirty

    15/23

    Virtualized environments to provide in

    house cloud services. Archiving(versioned) VMs, ensure VMs have

    specific attributes, and otherwise

    maintain governance.

    Securing the Cloud January 24th

    2012 Welcome to Smart Technology.

    Healthcare Mobility Security.

    What about Back end Security in the cloud or datacenter.

  • 8/2/2019 Healthcare Mobility Secuirty

    16/23

    But you will also need a way to

    maintain the self-service factor, or

    risk torpedoing a significant part of the

    value proposition of your VM andCloud implementation.

    This is a big dilemma if you facegovernance yet have to outsource your

    cloud especially in healthcareHealthcare Mobility Security January 28th2012 Welcome to Smart Technology.

    Healthcare Mobility Security.

  • 8/2/2019 Healthcare Mobility Secuirty

    17/23

    You have now secured your edge whatabout your delivery mechanism?

    VMs and Virtualized environments canbe targets for both malicious and

    financial gain. Who's guarding the

    kernel?

    Securing the Cloud January 24th

    2012 Welcome to Smart Technology.

    Healthcare Mobility Security.

  • 8/2/2019 Healthcare Mobility Secuirty

    18/23

    Again, there are tools available andemerging that can address some of

    these needs

    How do you recognize these Needs?!If your subject to Governance you

    have a need. Yesterdays solutions will

    struggle to keep up with the demand

    Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

    Healthcare Mobility Security.

  • 8/2/2019 Healthcare Mobility Secuirty

    19/23

    You are likely to find that you want acoherent, unified platform to deal with

    both build- and run-time aspects. Thisincludes access and control of

    application delivery

    Healthcare Mobility Security January 29th2012 Welcome to Smart Te