Posts Tagged ‘hipaa’
Truism: it’s always informative to have customers join us on webinars. Last Thursday’s webinar was no exception, as we had two of our healthcare customers accompany us for an interactive discussion about healthcare security and compliance concerns as we approach 2012. A hearty thanks to both Youssef Jad from McGill University Health Centre and Jerry Walters from OhioHealth for taking time away from their busy days to participate in this discussion.
Here’s a brief clip:
- Tuning your security intelligence solution is extremely important to establish a baseline and avoid being overwhelmed with data early on.
- Visibility into network flows is a huge factor when attempting to track down application related traffic, especially when fully correlated with other events.
- In the healthcare space, securing the mobile infrastructure is extremely important.
- Security intelligence solutions like QRadar go way beyond reporting and log management.
During their QRadar proof-of-concept (POC), OhioHealth was able to quickly identify infection sources from a malware outbreak stemming from a zero-day event. They leveraged QRadar’s unique QFlow capability to analyze network traffic by looking for specific patterns in the traffic, and they now use QFlow extensively to look for abnormal network activity. QRadar was a replacement for a previous SIEM and log management solution that simply ran out of gas – it could not scale to support the high volume of security events that OhioHealth needed to monitor.
At McGill University Health Centre, QRadar was deployed in a just a few days using the system’s pre-built templates. Tuning and creating custom rules required an additional month, but is an important step to effectively isolate incidents. The solution has already been used to identify malware attacks, and it is a key element of their change control process because it is used to identify unauthorized or erroneous configuration changes that affect the availability of critical applications. McGill chose QRadar after an evaluation process that also included testing ArcSight, which they found to be too complex
- Why did you need a security intelligence solution?
- What were your criteria?
- What other solutions did you look at?
- Did you have any challenges getting the solution in place?
- How large of a staff do you maintain that works directly with QRadar?
- How many systems and devices were included in your deployment?
- Once an incident is discovered, how is it handled?
Related: Five Ways to Use Security Intelligence to Pass Your HIPAA Audit (eBook)
One of my favorite series on HBO, Game of Thrones, has managed to completely consume my attention over the past few months. After watching the first season, I immediately started reading the books and diving deeper into the back stories and lore. Throughout both the HBO series and books, there’s a common saying – Winter is Coming. Meaning that the long summer is coming to an end in favor of an equally long and cold winter, which signifies tough times for the Seven Kingdoms.
For security and compliance professionals in the healthcare industry, long awaited HIPAA audits are coming. The Department of Health and Human Services’ Office for Civil Rights has recently stated that they will conduct approximately 150 HIPAA audits starting later this year, through the end of 2012.
How do you best prepare for the coming audits? Here’s a few suggestions, with a mindset of security intelligence and risk awareness:
- If you hold patient records or any type of electronic health information, be sure you have analyzed your network and device configuration for potential vulnerabilities.
- Automated policy monitoring can also keep you prepared before a breach occurs. This will alert you when, for example, there is a network configuration allowing “out of policy” traffic through your network.
- Know what to do if and when a breach occurs. Have a plan in place and data to back it all up. A modern SIEM solution can provide important forensics including when the breach happened, who was targeted, what data was compromised, and why this may have happened based on records of previous offenses.
- Already have a SIEM solution deployed? Extend its functionality to include risk management and assessment.
When will the auditors come knocking on your door? No one knows, which is more reason to take precautions. Apparently, audit targets will vary based on size, business type, and previous violations – although it is reported that the latter will be less of a focus.
While we may not know how invasive the audits will be, who will be targeted, and when exactly they will begin, we do know that audits are coming. Is your organization at risk? Are you prepared?
To learn how another healthcare organization has taken measures to protect patient data while centralizing their security and compliance programs, download this case study on Arkansas Children’s Hospital.