Healthcare Mobile Security

March 29th 2012

Presented by: David Anteliz, Network Services Director

Mobility Boom In Healthcare

The healthcare industry is going through a transformational period. Mobility, bring your own device (BYOD), and the explosion of medicalspecific devices and applications are driving the way patient data and clinical systems are accessed, transmitted, and delivered. Electronic Medical Records (EMRs) and Electronic Health Records (EHRs) are further driving the volume of data as patient files, x-rays, lab results, and other sensitive medical records are transmitted across the network. Today, nearly one-third of healthcare providers use mobile devices to access EMRs or EHRs. Driving this demand are sophisticated and robust applications. The digitalizing of sensitive patient data is well underway, and this is making new care models possibleas collaboration, telemedicine, and electronic health initiatives transform healthcare delivery and outcomes

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

HIPAA Privacy Rule

What Information is Protected Protected Health Information. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."12 Individually identifiable health information is information, including demographic data, that relates to: the individuals past, present or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.13 Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Healthcare Industry Challenges

Data Access anytime anywhere by practitioners, (clinicians, physicians, nurses, etc..) Access to sensitive data (patient records) across public services Applications galore using myriad of devices to access sensitive data BYOD Bring your own device is now becoming acceptable in the industry Provisioning Management- who has an idea of how many unauthorized and authorized devices are on the network Content security, who has access to what? And When?

Security- thought to be adequate and scalable using current

techniques and methods
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

Cloud Use In Healthcare

SAAS for application access Virtualized environments Hosted or Self Service What security model should cloud usage follow Similar to Datacenter but still different

Multiple security mechanisms, to much to manage, how do you maintain policy in a cohesive state when multiple parties are involved.?

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Align Security goals across your organization Mobility in the cloud?

Common goals include:

1. Additional Capacity How much capacity do we need during normal and peak times? 2. Improved End-User Experience What performance goals are we trying to deliver against?

3. Greater Elasticity How quickly can the provider we select ramp up to meet our needs?
4. Flexible Bursting How fast do we need to be able to access additional capacity?
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

Healthcare Mobility Security What Should it be

1. Device Agnostic providing security at the user profile level

2. Easy to use- provide SSO and access from any device

3. Application Control- unfettered access to all applications should be discouraged and monitored 4. Access control, controlling access at the edge establishing access control to remote data points

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Healthcare Mobility Security Hardware, software, what is required? Device agnostic client for access and profile management. Client Security gateway for profile management and client termination. Firewall for policy enforcement and security zone segregation. SSL VPN for remote user access and provisioning of access to remote nets, services, based on roles. UAC- unified access control for security policy enforcement
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

Healthcare Mobility Security

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Healthcare Mobility Security.

Things to consider:

Recommendations: Strong policies on quality and rotation Employee education is key Never re-use credentials Anti-Phishing techniques Use off-site SSO if available Consider additional restrictions using VPN Map to what protections you had

Use alternative credential schema(token, cert) Completely control password policies Implement internal password reset Perform anomaly detection on login attempts Place the portal behind VPN Access control Endpoint management

Securing the Cloud

January 24th 2012

Welcome to Smart Technology.

Healthcare Mobility Security

Not ready ?

You will likely run into the following problems:

Healthcare Mobility Security

January 28th2012

Welcome to Smart Technology.

Healthcare Mobility Security.

1) Static, manual configuration and management of your remote user and mobile devices and security infrastructure will probably not scale with demand.

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Healthcare Mobility Security.

2) Frustrated user base, poor performance will lead to scraping security initiatives and possibly table future ones

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Healthcare Mobility Security.

3) Security compromises, creating an atmosphere of workarounds and poor adoption rates will only serve to reduce the effectiveness of the newly installed solution and reduce its ROI

Big reason for failed security projects

Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

Healthcare Mobility Security. What about Back end Security in the cloud or datacenter.

Virtualized environments to provide in house cloud services. Archiving (versioned) VMs, ensure VMs have specific attributes, and otherwise maintain governance.
Securing the Cloud January 24th 2012 Welcome to Smart Technology.

But you will also need a way to maintain the self-service factor, or risk torpedoing a significant part of the value proposition of your VM and Cloud implementation. This is a big dilemma if you face governance yet have to outsource your cloud especially in healthcare
Healthcare Mobility Security January 28th2012 Welcome to Smart Technology.

Healthcare Mobility Security.

Healthcare Mobility Security.

You have now secured your edge what about your delivery mechanism? VMs and Virtualized environments can be targets for both malicious and financial gain. Who's guarding the kernel?
Securing the Cloud January 24th 2012 Welcome to Smart Technology.

Healthcare Mobility Security.

Again, there are tools available and emerging that can address some of these needs How do you recognize these Needs?! If your subject to Governance you have a need. Yesterdays solutions will struggle to keep up with the demand
Healthcare Mobility Security January 29th2012 Welcome to Smart Technology.

You are likely to find that you want a coherent, unified platform to deal with both build- and run-time aspects. This includes access and control of application delivery

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Healthcare Mobility Security.

According to a recent study, healthcare practitioners are relying more and more on mobile devices, as four out of five physicians say that they rely on their smartphones and tablets to access, retrieve, and submit sensitive patient medical data with over 80 percent of doctors using mobile apps every day . Further, more than 25,000 mobile healthcare (mHealth) applications are in use today, with millions of downloads collectively. The healthcare industry is faced with a new reality - healthcare applications are impacting mobility, professional applications for caregivers are driving BYOD, and hospital authorized applications are enabling access to clinical services

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Healthcare Mobility Security.

Healthcare Mobility Security

January 29th2012

Welcome to Smart Technology.

Q&A
Thank You for Your Time. Connect with us!

www.j-solve.com www.twitter.com/network4front www.youtube.com/network4front

Healthcare Mobility Security January 29th2012

www.structure-tech.com
www.twitter.com/MaronStructure www.youtube.com/MaronStructure
Welcome to Smart Technology.