PATIENT MEDICAL IDENTITY & DATA PROTECTION SECURITY

Robert Grupe, CISSP, CSSLP, PE, PMP
Red7 :|: Information Security

tags :|: medical identity, patient data, data protection

© Copyright 2014-01 Robert Grupe. All rights reserved.

Agenda
• US Medical Identity Theft and Data Breaches
• HIPAA 2013 Omnibus Final Rule Updates
• Recommendations

US MEDICAL IDENTITY THEFT AND DATA BREACHES

US Data Breaches
• Top Industries by Breach Cost
  • 1. Healthcare $233 per person
  • 2. Finance $215
  • 3. Pharmaceutical $207
• Top Causes
  • 41% Malicious attack
  • 33% Human Factor
  • 26% System glitch
2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute
US Healthcare Data Breaches
• 94% of health-care organizations have been hit by at least one data breach
  • 45% had more than five breaches in the past two years
• $2.4 million estimated average cost over 2 years
  • $10,000 - $1+ million per incident
• 2,796 average number of records lost per breach
• 47% detected by employees
• 52% of breaches discovered by audits
• Black Market Data Value
  • $50 per medical record (SSNs go for about $1 each)
• Criminal Mis-Use
  • Overseas call centers ordering medical equipment and drugs
Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security, Dec 2012
US Medical Identity Theft
• $1.8 million, 19%+ over 2012
• Causes
  • 30% Member shared identification with a friend/family member
  • 28% Acquaintance or family member stole it
  • 8% provided in phishing
  • 7% provider/insurer due to data breach
  • 5% healthcare worker
• Criminal mis-uses
  • 63% treatments
  • 60% prescriptions and equipment
  • 51% obtain government benefits
  • 12% credit card account applications
• Difficulties detecting
  • 56% of patients don’t check their records for accuracy
2013 Survey on Medical Identity Theft, Ponemon Institute
Consequences
• “Medical identity theft is being called the fastest growing type of fraud. This contributes to rising cost in health care. Unlike financial identity theft, medical identity theft holds life threatening impacts. For example, if you are rushed to the ER with appendicitis but your records already show your appendicitis removed, the consequences can be dangerous.”
  • Medical Identity Fraud Alliance, Development Coordinator Robin Slade
Patient Harm
• 50% of victims unaware that the theft creates inaccuracies in their records
  • 15% misdiagnosis
  • 14% treatment delays
  • 13% mistreatment
  • 11% wrong prescription
• 23% credit rating
• 20% financial identity theft (credit card, banking)
• 17% legal fees
• Loss of coverage, cost to restore, out-of-pocket costs, increased premiums
• 6% employment difficulties
• 58% of victims lost trust in providers
Enterprise Consequences
• Member, client, provider communications
• Member online security monitoring and restoration services
• Response and reputation crisis management
• Loss of business
• Lawsuits: members, customers, investors

HIPAA Breach Notifications

HIPAA 2013 OMNIBUS FINAL RULE UPDATES

HIPAA 2013 Omnibus Final Rule Updates
• Defines Business Associates of Covered Entities as directly liable for compliance with certain of the HIPAA Privacy and Security Rules' requirements.
• Requires modifications to, and redistribution of, a Covered Entity's notice of privacy practices.
• Final rule adopting changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act.
• Final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule's "harm" threshold.
• Violation Penalties
  • (A) Did Not Know (with reasonable diligence) $100+
  • (B) Reasonable Cause $1,000+
  • (C)(i) Willful Neglect - Corrected $10,000+
  • (C)(ii) Willful Neglect - Not Corrected $50,000
HHS Omnibus http://www.hhs.gov/ocr/privacy/hipaa/administrative/omnibus/index.html
http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php

RECOMMENDATIONS

Master the Basics
• Keep all software patched to the latest maintenance level
• Install anti-virus and application IDS everywhere
  • (Yes: Mac OS, iOS, Linux, and Android too)
• Strong Credential Management
  • Strong passwords and password management policies
• Network Mapping
  • Sites, gateways, routers, devices,
  • then directory details for all devices
Risk Assessment
• Which security laws and regulations affect your organization
  • Health Care: HIPAA, states
  • Financial: PCI, etc.
  • Personal: States, EU
  • Other
• Map your external apps’ PHI flows
  • Workflows
  • Reference lookups
  • Data backups
Document Your Policies & Processes
If it isn’t documented, it doesn’t exist
• Use an industry recognized framework
  • E.g. ISO/IEC 27001:2005
  • Living Document: continual detailing and updating
  • Don’t adopt it all at once: keep the framework’s section numbers, but only draft and publish the sections that are active
• Identify information security best practices
  • Reference for minimum acceptable security
  • Industry (e.g. HIPAA, HITRUST, ARRA), state (Mass.), third party (e.g., PCI and COBIT), government (e.g., NIST, FTC and CMS), appdev (e.g. OWASP)
• Application regression test scripts to validate all policy rules
• Responsible Program Manager to
  • prioritize critical success factors and initiatives
  • ensure document maintenance
  • champion process improvements
  • oversee system/application/services updates
  • ensure compliance validation
  • provide status reporting
Well Begun, Is Half Done
• Don’t Procrastinate - Start Right Now!
  • Begin with a quick-list brainstorm
• Continuous Process Improvement
  • What doesn’t get measured, doesn’t get done
  • Regular risk assessment of privacy controls and processes
• Security Technology isn’t the (whole) solution
  • Vulnerability assessment utilities to detect security policy & process vulnerabilities
    • E.g. Social engineering vulnerabilities
    • Insider data access
    • User validation
Finis
• This Presentation & Further Resources
  • www.red7managementsolutions.com
• Questions, suggestions, & requests
  • Robert Grupe, CISSP, CSSLP, PE, PMP
  • robert.grupe@red7managementsolutions.com
  • +1.314.278.7901

Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Kürzlich hochgeladen (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Red7 Medical Identity Security and Data Protection

  • 1. Patient Medical Identity & Data Protection Security
    Robert Grupe, CISSP, CSSLP, PE, PMP
    Tags :|: medical identity, patient data, data protection
    © Copyright 2014-01 Robert Grupe. All rights reserved. Red7 :|: Information Security
  • 2. Agenda
    • US Medical Identity Theft and Data Breaches
    • HIPAA 2013 Omnibus Final Rule Updates
    • Recommendations
  • 3. US Medical Identity Theft and Data Breaches
  • 4. US Data Breaches
    • Top Industries Cost
      • 1. Healthcare $233 per person
      • 2. Finance $215
      • 3. Pharmaceutical $207
    • Top Causes
      • 41% Malicious attack
      • 33% Human factor
      • 26% System glitch
    Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute
  • 5. US Healthcare Data Breaches
    • 94% of health-care organizations have been hit by at least one data breach
      • 45% more than five breaches in the past two years
    • $2.4 million estimated average cost over 2 years
      • $10,000 - $1+ million per incident
    • 2,796 average number of records lost per breach
    • 47% detected by employees
    • 52% of breaches discovered by audits
    • Black Market Data Value
      • $50 per medical record (SSNs go for about $1 each)
    • Criminal Mis-Use
      • Overseas call centers ordering medical equipment and drugs
    Source: Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security, Dec 2012
  • 6. US Medical Identity Theft
    • $1.8 million, 19%+ over 2012
    • Causes
      • 30% Member shared identification with a friend/family member
      • 28% Acquaintance or family member stole
      • 8% Provided in phishing
      • 7% Provider/insurer due to data breach
      • 5% Healthcare worker
    • Criminal mis-uses
      • 63% Treatments
      • 60% Prescriptions and equipment
      • 51% Obtain government benefits
      • 12% Credit card account applications
    • Difficulties detecting
      • 56% Patients don’t check their records for accuracy
    Source: 2013 Survey on Medical Identity Theft, Ponemon Institute
  • 7. Consequences
    • “Medical identity theft is being called the fastest growing type of fraud. This contributes to rising cost in health care.”
    • “Unlike financial identity theft, medical identity theft holds life threatening impacts. For example, if you are rushed to the ER with appendicitis but your records already show your appendicitis removed, the consequences can be dangerous.”
    • Medical Identity Fraud Alliance, Development Coordinator Robin Slade
  • 8. Patient Harm
    • 50% of victims unaware that theft creates inaccuracies in their records
      • 15% Misdiagnosis
      • 14% Treatment delays
      • 13% Mistreatment
      • 11% Wrong prescription
    • 23% Credit rating
    • 20% Financial identity theft (credit card, banking)
    • 17% Legal fees
    • Loss of coverage, cost to restore, out-of-pocket costs, increased premiums
    • 6% Employment difficulties
    • 58% of victims lost trust in providers
  • 9. Enterprise Consequences
    • Member, client, provider communications
    • Member online security monitoring and restoration services
    • Response and reputation crisis management
    • Loss of business
    • Lawsuits: members, customers, investors
  • 10. HIPAA Breach Notifications
  • 11. HIPAA 2013 Omnibus Final Rule Updates
  • 12. HIPAA 2013 Omnibus Final Rule Updates
    • Defines Business Associates of Covered Entities as directly liable for compliance with certain of the HIPAA Privacy and Security Rules’ requirements.
    • Requires modifications to, and redistribution of, a Covered Entity’s notice of privacy practices.
    • Final rule adopting changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act.
    • Final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule’s “harm” threshold.
    • Violation Penalties
      • (A) Did Not Know (with reasonable diligence): $100+
      • (B) Reasonable Cause: $1,000+
      • (C)(i) Willful Neglect - Corrected: $10,000+
      • (C)(ii) Willful Neglect - Not Corrected: $50,000
    • HHS Omnibus: http://www.hhs.gov/ocr/privacy/hipaa/administrative/omnibus/index.html
    • http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php
  • 13. Recommendations
  • 14. Master the Basics
    • Keep all software patched to the latest maintenance level
    • Install anti-virus and application IDS everywhere (yes: Mac OS, iOS, Linux, and Android too)
    • Strong Credential Management
      • Strong passwords and management policies
    • Network Mapping
      • Sites, gateways, routers, devices, then directory details for all devices
  • 15. Risk Assessment
    • Which security laws and regulations affect your organization
      • Health Care: HIPAA, states
      • Financial: PCI, etc.
      • Personal: States, EU
      • Other
    • Map your external apps’ PHI flows
      • Workflows
      • Reference lookups
      • Data backups
  • 16. Document Your Policies & Processes
    If it isn’t documented, it doesn’t exist
    • Use an industry recognized framework, e.g. ISO/IEC 27001:2005
    • Living document: continual detailing and updating
      • Don’t use all at once; keep section numbers but only draft and publish active sections
    • Identify information security best practices
      • Reference for minimum acceptable security
      • Industry (e.g. HIPAA, HITRUST, ARRA), state (Mass.), third party (e.g. PCI and COBIT), government (e.g. NIST, FTC and CMS), appdev (e.g. OWASP)
    • Application regression test scripts to validate all policy rules
    • Responsible Program Manager to
      • prioritize critical success factors and initiatives
      • ensure document maintenance
      • champion process improvements
      • oversee system/application/services updates
      • ensure compliance validation
      • provide status reporting
  • 17. Well Begun Is Half Done
    • Don’t procrastinate - start right now!
      • With a quick-list brainstorm
    • Continuous Process Improvement
      • What doesn’t get measured doesn’t get done
      • Regular risk assessment of privacy controls and processes
    • Security technology isn’t the (whole) solution
      • Vulnerability assessment utilities to detect security policy & process vulnerabilities, e.g. social engineering vulnerabilities, insider data access, user validation
  • 18. Finis
    • This presentation & further resources: www.red7managementsolutions.com
    • Questions, suggestions, & requests: Robert Grupe, CISSP, CSSLP, PE, PMP
      • robert.grupe@red7managementsolutions.com
      • +1.314.278.7901

Editor's Notes

  1. Bio: Robert Grupe is an experienced international business leader with a background in engineering, sales, marketing, PR, and product support in the software, digital marketing, health care, electro-optic and aerospace industries. From Fortune 100 to start-up companies, Robert has worked for industry leaders including Boeing, McAfee, Text 100 PR, and Express Scripts. Management experience includes working with and leading local, as well as internationally distributed, teams while implementing best practices to maximize organizational and market performance. Robert is a registered Certified Information Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), Professional Engineer (PE), and Product Management Professional (PMP).
  2. Your Medical Records Could be Sold on the Black Market, NBC Bay Area News, http://www.nbcbayarea.com/news/local/Medical-Records-Could-Be-Sold-on-Black-Market-212040241.html, June 19, 2013. See also http://www.nationwide.com/newsroom/061312-MedicalIDTheft.js