Category: Healthcare

Tuesday, 20 December 2011 13:30 No Comments

Webinar Wrap-up: Security Best Practices for Healthcare in 2012

Truism: it’s always informative to have customers join us on webinars. Last Thursday’s webinar was no exception, as we had two of our healthcare customers accompany us for an interactive discussion about healthcare security and compliance concerns as we approach 2012. A hearty thanks to both Youssef Jad from McGill University Health Centre and Jerry Walters from OhioHealth for taking time away from their busy days to participate in this discussion.

We covered a lot of ground in an hour, but here are a few of the major takeaways:
  • Tuning your security intelligence solution is extremely important to establish a baseline and avoid being overwhelmed with data early on.
  • Visibility into network flows is a huge factor when attempting to track down application-related traffic, especially when fully correlated with other events.
  • In the healthcare space, securing the mobile infrastructure is extremely important.
  • Security intelligence solutions like QRadar go way beyond reporting and log management.

During their QRadar proof-of-concept (POC), OhioHealth was able to quickly identify infection sources from a malware outbreak stemming from a zero-day event.  They leveraged QRadar’s unique QFlow capability to analyze network traffic by looking for specific patterns in the traffic, and they now use QFlow extensively to look for abnormal network activity.  QRadar was a replacement for a previous SIEM and log management solution that simply ran out of gas – it could not scale to support the high volume of security events that OhioHealth needed to monitor.

At McGill University Health Centre, QRadar was deployed in just a few days using the system’s pre-built templates. Tuning and creating custom rules required an additional month, but is an important step to effectively isolate incidents. The solution has already been used to identify malware attacks, and it is a key element of their change control process because it is used to identify unauthorized or erroneous configuration changes that affect the availability of critical applications. McGill chose QRadar after an evaluation process that also included testing ArcSight, which they found to be too complex.

Some of the questions answered in the webcast:
  • Why did you need a security intelligence solution?
  • What were your criteria?
  • What other solutions did you look at?
  • Did you have any challenges getting the solution in place?
  • How large of a staff do you maintain that works directly with QRadar?
  • How many systems and devices were included in your deployment?
  • Once an incident is discovered, how is it handled?

If you missed the live webinar, the recorded version is posted here for your viewing. Have questions while watching? Send them to info@q1labs.com and we’ll get back to you quickly.

Related: Five Ways to Use Security Intelligence to Pass Your HIPAA Audit (eBook)


Wednesday, 9 November 2011 08:40 No Comments

The Real Cost of Being Breached for Healthcare Organizations

The DigiNotar hack brought to light the ultimate cost of being breached - going out of business. However, that was only one scenario. Can a company really be hacked out of business?

Look at Sony’s PlayStation Network. Gamers still gamed after ~20 hacks over 6 months and after knowing credit card information was compromised. However, when industries like Healthcare are considered, things change. Patient records, exposed medical devices, mission-critical servers, mobile devices, etc., have more at stake.

Let’s put the concept of “going out of business” out of our heads for now. It will take more than one hack to put a hospital out of business, for example. Remember the Conficker worm of 2009? It infected thousands of devices at hundreds of hospitals around the world, exacerbating all concerns of patient record security and creating new worries about the safety of MRI and CAT Scan devices. Most of these critical networks are not connected to the internet, but the exposed machines that run them are sometimes connected when they shouldn’t be. With more network-aware devices in hospitals being deployed each year, the risk rises and the goldmine of susceptible data grows.

What is the real cost of being breached for Healthcare organizations (hospitals, MRI facilities, outpatient services, etc.)? Is it loss of business? Patient fear? Capital costs of updating old hardware and insecure systems? Loss of patient records? I would say “all of the above” applies in most cases.

I’m also willing to guess that the cost of being breached for a healthcare organization is monumentally higher than the cost of properly securing systems, devices, and networks that help lower the risk of a breach. What do you think?


Wednesday, 27 July 2011 09:08 2 Comments

Winter is Coming. I mean, Audits are Coming.

One of my favorite series on HBO, Game of Thrones, has managed to completely consume my attention over the past few months. After watching the first season, I immediately started reading the books and diving deeper into the back stories and lore. Throughout both the HBO series and books, there’s a common saying – Winter is Coming. Meaning that the long summer is coming to an end in favor of an equally long and cold winter, which signifies tough times for the Seven Kingdoms.

For security and compliance professionals in the healthcare industry, long-awaited HIPAA audits are coming. The Department of Health and Human Services’ Office for Civil Rights has recently stated that they will conduct approximately 150 HIPAA audits starting later this year, through the end of 2012.

How do you best prepare for the coming audits? Here are a few suggestions, with a mindset of security intelligence and risk awareness:

  • If you hold patient records or any type of electronic health information, be sure you have analyzed your network and device configuration for potential vulnerabilities.
  • Automated policy monitoring can also keep you prepared before a breach occurs. This will alert you when, for example, there is a network configuration allowing “out of policy” traffic through your network.
  • Know what to do if and when a breach occurs. Have a plan in place and data to back it all up. A modern SIEM solution can provide important forensics including when the breach happened, who was targeted, what data was compromised, and why this may have happened based on records of previous offenses.
  • Already have a SIEM solution deployed? Extend its functionality to include risk management and assessment.

When will the auditors come knocking on your door? No one knows, which is more reason to take precautions. Apparently, audit targets will vary based on size, business type, and previous violations – although it is reported that the latter will be less of a focus.

While we may not know how invasive the audits will be, who will be targeted, and when exactly they will begin, we do know that audits are coming. Is your organization at risk? Are you prepared?

To learn how another healthcare organization has taken measures to protect patient data while centralizing their security and compliance programs, download this case study on Arkansas Children’s Hospital.