8/2/2019 Healthcare Mobility Secuirty
1/23
March 29th 2012
Presented by:
David Anteliz, Network Services Director
Healthcare Mobile Security
8/2/2019 Healthcare Mobility Secuirty
2/23
Mobility Boom In Healthcare
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
The healthcare industry is going through a transformational period.
Mobility, bring your own device (BYOD), and the explosion of medical-
specific devices and applications are driving the way patient data and
clinical systems are accessed, transmitted, and delivered. Electronic
Medical Records (EMRs) and Electronic Health Records (EHRs) are further
driving the volume of data as patient files, x-rays, lab results, and other
sensitive medical records are transmitted across the network. Today, nearly
one-third of healthcare providers use mobile devices to access EMRs or
EHRs. Driving this demand are sophisticated and robust applications. The
digitalizing of sensitive patient data is well underway, and this is making
new care models possibleas collaboration, telemedicine, and electronic
health initiatives transform healthcare delivery and outcomes
8/2/2019 Healthcare Mobility Secuirty
3/23
HIPAA Privacy Rule
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
What Information is Protected
Protected Health Information. The Privacy Rule protects all "individually identifiable
health information"held or transmitted by a covered entity or its business associate,
in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this
information "protected health information (PHI)."12
Individually identifiable health information is information, including demographicdata, that relates to:
the individuals past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the
individual,
and that identifies the individual or for which there is a reasonable basis to believe it
can be used to identify the individual.13 Individually identifiable health informationincludes many common identifiers (e.g., name, address, birth date, Social Security
Number).
8/2/2019 Healthcare Mobility Secuirty
4/23
Healthcare Industry Challenges
Data Access anytime anywhere by practitioners, (clinicians,physicians, nurses, etc..)
Access to sensitive data (patient records) across public services
Applications galore using myriad of devices to access sensitive
data
BYOD Bring your own device is now becoming acceptable in the
industry
Provisioning Management- who has an idea of how many
unauthorized and authorized devices are on the network
Content security, who has access to what? And When?
Security- thought to be adequate and scalable using currenttechniques and methods
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
8/2/2019 Healthcare Mobility Secuirty
5/23
Cloud Use In Healthcare
SAAS for application access
Virtualized environments
Hosted or Self Service
What security model should cloud usage follow
Similar to Datacenter but still different
Multiple security mechanisms, to much to manage, how
do you maintain policy in a cohesive state when
multiple parties are involved.?
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
8/2/2019 Healthcare Mobility Secuirty
6/23
Common goals include:
1. Additional Capacity How much capacity
do we need during normal and peak times?
2. Improved End-User ExperienceWhat performance
goals are we trying to deliver against?
3. Greater ElasticityHow quickly can the provider we
select ramp up to meet our needs?4. Flexible BurstingHow fast do we need to be able to
access additional capacity?
Align Security goals across your organization
Mobility in the cloud?
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
8/2/2019 Healthcare Mobility Secuirty
7/23
1. Device Agnostic providing security at the user profile
level
2. Easy to use- provide SSO and access from any device
3. Application Control- unfettered access to all
applications should be discouraged and monitored
4. Access control, controlling access at the edge
establishing access control to remote data points
Healthcare Mobility Security
What Should it be
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
8/2/2019 Healthcare Mobility Secuirty
8/23
Hardware, software, what is required?
Device agnostic client for access and profile
management.
Client Security gateway for profile management andclient termination.
Firewall for policy enforcement and security zone
segregation.
SSL VPN for remote user access and provisioning of
access to remote nets, services, based on roles.
UAC- unified access control for security policy
enforcement
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
Healthcare Mobility Security
8/2/2019 Healthcare Mobility Secuirty
9/23
Healthcare Mobility Security
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
8/2/2019 Healthcare Mobility Secuirty
10/23
Things to consider:
Use alternative credential
schema(token, cert)
Completely control password
policies Implement internal password
reset
Perform anomaly detection on
login attempts
Place the portal behind VPN
Access control
Endpoint management
Recommendations:
Strong policies on quality and
rotation
Employee education is key
Never re-use credentials Anti-Phishing techniques
Use off-site SSO if available
Consider additional restrictions
using VPN
Map to what protections you had
Healthcare Mobility Security.
Securing the Cloud January 24th 2012 Welcome to Smart Technology.
8/2/2019 Healthcare Mobility Secuirty
11/23
You will likely run into the following
problems:
Healthcare Mobility Security January 28th2012 Welcome to Smart Technology.
Healthcare Mobility Security
Not ready ?
8/2/2019 Healthcare Mobility Secuirty
12/23
1) Static, manual configuration and
management of your remote user and
mobile devices and securityinfrastructure will probably not scale
with demand.
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
Healthcare Mobility Security.
8/2/2019 Healthcare Mobility Secuirty
13/23
2) Frustrated user base, poor
performance will lead to scraping
security initiatives and possibly tablefuture ones
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
Healthcare Mobility Security.
8/2/2019 Healthcare Mobility Secuirty
14/23
3) Security compromises, creating anatmosphere of workarounds and poor
adoption rates will only serve to
reduce the effectiveness of the newly
installed solution and reduce its ROI
Big reason for failed security projects
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
Healthcare Mobility Security.
8/2/2019 Healthcare Mobility Secuirty
15/23
Virtualized environments to provide in
house cloud services. Archiving(versioned) VMs, ensure VMs have
specific attributes, and otherwise
maintain governance.
Securing the Cloud January 24th
2012 Welcome to Smart Technology.
Healthcare Mobility Security.
What about Back end Security in the cloud or datacenter.
8/2/2019 Healthcare Mobility Secuirty
16/23
But you will also need a way to
maintain the self-service factor, or
risk torpedoing a significant part of the
value proposition of your VM andCloud implementation.
This is a big dilemma if you facegovernance yet have to outsource your
cloud especially in healthcareHealthcare Mobility Security January 28th2012 Welcome to Smart Technology.
Healthcare Mobility Security.
8/2/2019 Healthcare Mobility Secuirty
17/23
You have now secured your edge whatabout your delivery mechanism?
VMs and Virtualized environments canbe targets for both malicious and
financial gain. Who's guarding the
kernel?
Securing the Cloud January 24th
2012 Welcome to Smart Technology.
Healthcare Mobility Security.
8/2/2019 Healthcare Mobility Secuirty
18/23
Again, there are tools available andemerging that can address some of
these needs
How do you recognize these Needs?!If your subject to Governance you
have a need. Yesterdays solutions will
struggle to keep up with the demand
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
Healthcare Mobility Security.
8/2/2019 Healthcare Mobility Secuirty
19/23
You are likely to find that you want acoherent, unified platform to deal with
both build- and run-time aspects. Thisincludes access and control of
application delivery
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
8/2/2019 Healthcare Mobility Secuirty
20/23
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
8/2/2019 Healthcare Mobility Secuirty
21/23
According to a recent study, healthcare practitioners are relying more and more on mobile
devices, as four out of five physicians say that they rely on their smartphones and tablets
to access, retrieve, and submit sensitive patient medical data with over 80 percent of
doctors using mobile apps every day . Further, more than 25,000 mobile healthcare
(mHealth) applications are in use today, with millions of downloads collectively. The
healthcare industry is faced with a new reality - healthcare applications are impactingmobility, professional applications for caregivers are driving BYOD, and hospital authorized
applications are enabling access to clinical services
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
Healthcare Mobility Security.
8/2/2019 Healthcare Mobility Secuirty
22/23
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
Healthcare Mobility Security.
8/2/2019 Healthcare Mobility Secuirty
23/23
Q&A
www.twitter.com/network4front
www.youtube.com/network4front
Thank You for Your Time. Connect with us!
www.twitter.com/MaronStructure
www.youtube.com/MaronStructure
www.j-solve.com www.structure-tech.com
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.
http://www.twitter.com/network4fronthttp://www.youtube.com/network4fronthttp://www.twitter.com/MaronStructurehttp://www.youtube.com/MaronStructurehttp://www.j-solve.com/http://www.structure-tech.com/http://www.structure-tech.com/http://www.structure-tech.com/http://www.structure-tech.com/http://www.j-solve.com/http://www.j-solve.com/http://www.j-solve.com/http://www.youtube.com/MaronStructurehttp://www.twitter.com/MaronStructurehttp://www.youtube.com/network4fronthttp://www.twitter.com/network4frontTop Related