The healthcare IT landscape is changing daily, and trying to keep up with requirements like HIPAA and HITECH can leave you and your clients extremely vulnerable. Register today to hear more about the current HIPAA threat landscape and learn best practices for protection.
Experts from Hostway and Alert Logic will keep you up-to-date on the latest trends in healthcare IT.
You'll learn about the following:
- The current state of the healthcare IT industry and the role of HIPAA
- Threats associated with the healthcare landscape
- How a security breach can impact your organization
- Security best practices for HIPAA compliant cloud hosting and more!
2. 2
Webinar Administration
ďź Enter questions in the chat box
ďź A recording of the webinar will be available to all attendees
ďź Speaker contact info will be available at the end of the presentation
ďź Giveaway drawing will be held after the Q&A
4. Reasons to trust our relationship
4
Partnership Overview
Millions
Of devices secured
Petabytes
of log data under
management
Hundreds
of Millions
of security events
correlated per month
Thousands
of incidents identified and
reviewed per month
**Locations between partnerships**
5. Over 3,600 Organizations
5
Alert Logic - Overview
Alert Logic has more than a
decade of experience
pioneering and refining cloud
solutions that are secure,
flexible and designed to work
with hosting and cloud service
providers. As one of the
nationâs leading managed
security providers, Alert Logic
has the tools and experience
that helps differentiate
Hostways Managed Security
Offerings apart from other
companies.
Alert Logic helps Hostway
focus on delivering a complete
solution
9. 9
Industry Analysis
Source: Vectra Networks
A new report into cyber security trends shows healthcare to be the most frequently targeted
industry, with 164 threats detected per 1,000 host devices.
10. 10
Industry Analysis
Root Cause Top 10 Healthcare Breaches:
Unintentional Insider â 3
Poor physical security â 3
Compromised systems â 2
Third party vendor â 2
14. Security Best Practices
⢠Secure your code
⢠Security Management and Monitoring Strategy
⢠Create access management policies
⢠Data classification
⢠Adopt a patch management approach
⢠Build a security toolkit
⢠Stay informed of the latest vulnerabilities that may affect you
⢠Understand your cloud service providers security model
⢠Understand the shared security responsibility
⢠Defense in Depth â 24x7
14
15. Secure Your Code
⢠Test inputs that are open to the Internet
⢠Add delays to your code to confuse bots
⢠Use encryption when you can
⢠Test libraries
⢠Scan plugins
⢠Scan your code after every update
⢠Limit privileges
⢠DevSecOps
15
16. Security Management and Monitoring Strategy
⢠Monitoring for malicious activity
⢠Scanning Services
⢠Forensic investigations
⢠Compliance needs
⢠System performance
⢠All sources of log data is collected
⢠Data types (OS, CMS, DB, Web)
⢠WAF
⢠Correlation logic
⢠IAM behavior
⢠IDS Network traffic
⢠FIM Logs
⢠Focused security research
⢠Security content creation
⢠Review process
⢠Live monitoring
16
17. Create Access Management Policies
â˘Identify data infrastructure that requires access
â˘Define roles and responsibilities
â˘Simplify access controls (KISS)
â˘Continually audit access
â˘Start with a least privilege access model
17
18. Data Classification
⢠Identify data repositories and mobile
backups
⢠Identify classification levels and
requirements
⢠Analyze data to determine classification
⢠Build Access Management policy around
classification
⢠Monitor file modifications and users
18
19. Adopt a Patch Management Approach
⢠Constantly scan all production systems
⢠Compare reported vulnerabilities to
production infrastructure
⢠Classify the risk based on vulnerability
and likelihood
⢠Test patches before you release into
production
⢠Setup a regular patching schedule
⢠Keep informed, follow bugtraqer
⢠Follow a SDLC
19
20. Build a Security Toolkit
Recommended Security Solutions
⢠Antivirus
⢠IP tables/Firewall
⢠Backups
⢠FIM
⢠Intrusion Detection System
⢠Malware Detection
⢠Web Application Firewalls
⢠Forensic Image of hardware remotely
⢠Future Deep Packet Forensics
⢠Web Filters
⢠Mail Filters
⢠Encryption Solutions
⢠Proxies
⢠Log collection
⢠SIEM Monitoring and Escalation
⢠Penetration Testing
20
21. Stay Informed of the Latest Vulnerabilities
Websites to follow:
⢠http://www.securityfocus.com
⢠http://www.exploit-db.com
⢠http://seclists.org/fulldisclosure/
⢠http://www.securitybloggersnetwork.com/
⢠http://cve.mitre.org/
⢠http://nvd.nist.gov/
⢠https://www.alertlogic.com/weekly-threat-report/
21
22. Understand Your Service Providers Security Model
⢠Understand the security offerings from your provider
⢠Probe into the Security vendors to find their prime service
⢠Hypervisor exploits are patched by the service provider
⢠Questions to use when evaluating cloud service providers
22
26. Risk Assessment
⢠Know the threats
⢠Assess
⢠Do nothing
⢠Transfer
⢠Mitigate
⢠Reassess
26
27. 27
Hidden Risks
⢠New York Presbyterian Hospital and Columbia University
⢠A physician connected an unsecure server to the network, which was used to compromise
the network and patient records
⢠$4.8 million settlement
⢠Advocate Health Care
⢠Four unencrypted laptops were stolen compromising 4 million patient records
⢠OCR found that they did not properly assess risks
⢠$5.55 million settlement
⢠Triple-S Management
⢠Five data breaches that impacted fewer than 500 people
⢠OCR found they did not have proper safeguards and an accurate risk assessment was never
performed
⢠Fined $3.5 million
28. 28
Know the top 10 Violations
Lost and Stolen Devices1
Hacking 2
Employee Dishonesty3
Improper Disposal 4
3rd Party Disclosure5
Information Leak6
Unencrypted Data 7
Lack of Training8
Unsecure Records 9
Loud Mouths10
Source: http://www.grouponehealthsource.com/blog/top-10-most-common-hipaa-
violations
29. 29
Compliance SafeguardsTechnicalPhysicalAdministrative
Access Control Audit Controls Integrity Authentication Transmission Security
Facility Access Control Workstation Use Workstation Security Device & Media Controls
Security
Process
Security
Responsibilities
Workforce
Security
Data
Controls
Security
Training
Security
Procedures
Contingency
Plans
Security
Evaluations
Signed
BAAâs
30. 30
HIPAA Solution Overview
Hostway Dedicated Solution Intrusion
Detection
Anti-Virus/
Malware
Daily Log
Review
Log Review &
Management
Data
Encryption
ASV
Vulnerability
Scans
Managed
Firewall
Managed
Support
Our Secure
Customer
â˘Dell R230
â˘Quad Core (E3-1250)
â˘32 GB DDR4
â˘4 x 1TB HDD
Platform
â˘ASA 5506-X
â˘Security Sec Plus
â˘None HA Setup
Network
â˘Windows 2012 R2
â˘Windows 2016
Standard
â˘Linux Debian 7
Compute
Backed BAA
Audited & Approved
31. Strive to exceed
expectations in
every interaction
Trusted
Relationships
Bring 19 years of deep
experience, across
technologies
Trusted
Expertise
Empowers you to run
your apps where
they run best
Trusted
Infrastructure
⢠Thousands of customers WW,
including the worldâs leading brands
⢠Over 40% of Fortune 500 Service
Providersâ promote Hostway
solutions through our Global Partner
channel
⢠All customers work with a Solutions
Engineer
⢠In-depth Linux, Microsoft, Cloud and
VMware technical expertise and
certifications
⢠Microsoft Gold Hosting Partner with
100% of staff Azure, and Office 365
trained
⢠Specialization in building and running
secure/compliant cloud hosting solutions
⢠Maniacal focus on speed to resolution -
average call response <30 sec,
resolution <30 min
⢠Fully Managed Public/Private/Hybrid
Virtualized or Traditional Managed
Servers
⢠100% Uptime Guarantee with strong
SLAs
⢠Fully Audited and certified HIPAA
compliant service provider
⢠SSAE16 SOC1 Type II and ISO certified
data centers
⢠9 Data centers in 4 countries on 3
continents for redundancy
31
Hostway. The Trusted Cloud.
Mayra
WHAT IS THIS WEBINAR ABOUT?Â
The HIPAA landscape is changing daily and trying to keep up can leave you and your clients vulnerable to threats. Stay up-to-date with the latest Healthcare IT topics and learn how to protect your business and your clients with Hostway's HIPAA cloud hosting solutions.Â
In this webinar, you will learn:Â
- The current industry state of Healthcare IT and HIPAA- Threat landscape associated with Healthcare - How a breach can impact your organization - Security best practices for HIPAA compliant cloud hosting and more!
Mayra -
If you have a question during the webinar, please enter it in the chat box. We will do our best to address questions at the end. If we donât have time, we will follow up with a Q&A document for all attendees. We will also make the recording of our webinar available to all attendees. You are welcome to contact any of the speakers with questions. Their contact info will be available at the end of the presentation.
Mayra Speaking
Hostway
Alert Logic Speaking
AL
AL
AL
AL
AL
AL
AL
AL
AL
AL
AL
AL
AL
Al
AL
AL
AL
AL
AL
Peter
PETER
peter
peter
peter
peter
Hostway - Example. Wanacry â could have been prevented. Phishing email. Employees trained not to click. Desktop SW to prevent it affecting desktops. Patch would have fixed.