Security is an Important Part of Your Health Information Systems

Electronic health information systems (HIS) promise to reduce operational expenses, increase productivity, and improve care quality. Security must be considered when implementing an HIS. Providers need be sure that their security matches their new electronic environment. It is no longer enough to install anti-virus and assume that health information and systems will remain secure.

Increasing Risks (and Penalties) for Healthcare OrganizationsIn February 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act increased penalties for North American healthcare providers guilty of data breach. It provided for:•Stronger powers of enforcement by

state Attorneys General• Increased monetary penalties

for breaches•Mandatory disclosure requirements

for data breaches•Required compliance audit within 12 months

McAfee Solutions for HealthcareNoninvasive protection for patient care

Intherapidlychanginghealthcareindustry,doctorsandotherstaffwantgreaterflexibilitytousenewtechnologyintheworkplace.Butincreasedflexibilityalsomeansincreasedrisks,includingdataloss,vulnerabilitytomalware,andviolationoftheHIPAAPrivacyRule.McAfeehealthcaresolutionsaddressthisneed,enablingyoutoprotectaccesstosensitivedata,meetregulatoryrequirementssuchasHIPAAandPCI,andachievetheefficienciesnecessaryforsuccessinahighlycompetitiveindustry.

Balancingflexibilityanddataprotectionhasbeenaparticularlydifficultgoalforthehealthcare.Ontheonehand,thepenaltiesfordatabreachesareincreasingdramatically,whileFDAregulationsrestrictchangestomedicaldevices.Ontheotherhand,doctorsandotherhealthcareprovidersareeagerforfasteraccesstoinformation,whichhelpsthemprovidebettercaretopatients.Toachievethepromisedbenefitswithoutincreasingrisk,McAfeerecommendsthathealthcareorganizationsdeployanoptimizedsecurityarchitecture.

McAfee’soptimizedsecurityarchitectureprovidesprotectionagainstemergingthreatswhileenablinghealthcareproviderstoutilizethelatesttechnologies.McAfeeprovidesthisprotectionwhilereducingthesecurityfootprint(oroverhead),notonlyfacilitatingthefreeflowofsecureinformation,butalsoreducingITresourcesrequiredtoimplementandmaintainsecureaccess.WithMcAfee,healthcareorganizationsreducethecostofsecurityandminimizetheirrisks,anddoctorsgainefficienciesandimprovetheirabilitytodeliverexcellentcare.

Test Results

Referrals

@

Billing

Diagnosis

?

?

Centralized Management

Securing protectedhealth information

at rest

Securing protectedhealth information

in motion

Protecting criticalinfrastructure

Securing medicaldevices

Managing risk and vulnerability

Industry Brief

Industry Brief McAfee Solutions for Healthcare

McAfeesolutionsforhealthcareprovidersshareacentralizedsecuritymanagementplatformtoreducethemaintenanceburdenforsecurityandregulatorycompliance.Thecentralizedsecuritymanagementplatformenablesdatasecurity,networksecurity,policymanagement,monitoring,auditing,andthereportingrequiredforPCIandHIPAAcompliance.

1. Securing Protected Health Information at Rest Risk: Theuseoflaptopsandmobiledevicesincreasestheriskthatprotectedhealthinformation(PHI)willbeaccessedbyunauthorizedindividuals.AlostorstolendevicewithunencrypteddataconstitutesabreachifthedeviceissecuredwithonlysimplepasswordprotectionandcontainsanyunsecuredPHI.

McAfee solution: Protectsdeviceswitheasy-to-manage,low-footprintencryptionthatmeetsHIPAA/HITECHencryptionlevels,minimizingthepossibilityofdatalossandthesubsequentneedtosendbreachnotifications.

• Full-disk encryption—Securespatientdataonlaptopsandcomputers•Mobile device encryption—Encryptsdata(includingclassifiedmail)onmobilephones• File/folder encryption—Automaticallyencryptsfilescopiedfromaserver•Removable media encryption—AutomaticallyencryptsdatacopiedtoUSBdrives•Virtual disk encryption—Supportsvirtualenvironments•Device control—LimitswhichUSBdevicescanbeattachedtoacomputer

2. Securing Protected Health Information in Motion Risk:Transmissionofprotectedhealthinformationacrossanetworkthroughunprotectedemailorotherelectronicfiletransfersincreasesriskofdatabreach.

McAfee solution: Transparentlyencryptsdatatransmissionandmonitorspatientinformationtopreventinadvertentormalicioustransmissionviaemail,instantmessenger,printing,web,etc.,whetherbystafformalware.

•Network data-loss prevention—Transparentlyanalyzesthenetworktopreventloss•Host data-loss prevention—BlocksPHIdatafrombeingsentbyacomputer•Encryption of emails—EnsuresPHIinformationisalwaysencryptedintransit•McAfee eBusiness Server—Encryptsandcompressesinformationbetweenservers

3. Securing Medical DevicesRisk: Malwarecandisruptnotonlycomputersbutotherhealthcaredevices.Becauseoftheiroperatingsystems,MRImachines,heartratemonitors,andtabletcomputersarealsosusceptibletomalwarethatspreadsacrossanetwork.

McAfee solution: ProtectsmedicaldevicessuchasmedicaltabletPCsandotherthinclientdevicesalongwithMRI-CADscanners.Preventsattackswithlow-footprintintegritycheckingandisincorporatedintomoreandmorevendors’premarketapprovedbuilds

•Application whitelisting—Preventsinstallationofunwantedprograms•Change control—Managessoftwareinstallationandupgradesandpreventsunapprovedchanges• “Gold master” comparison—Checksthatdeviceshavenotbeenmodified•Vulnerability scanning—Identifiessystemsatriskandcorrelatesthreatstorisks

Test Results

Referrals

@

Diagnosis

Industry Brief McAfee Solutions for Healthcare

4. Protecting Critical InfrastructureRisk: DisruptiontoclinicalservicesandbillingcanoccurifpoorprotectionallowsexternalattackstodisruptcriticalinfrastructureorcompromisePHI.Damagetoreputationcanalsooccur.

McAfee solution: Utilizesreal-timeglobalthreatintelligencetostayaheadofchangingthreats,helpingyouavertsystemdowntimeandunauthorizedaccessofPHI.

•Anti-virus and anti-spyware—Includesmalwaredetectionandremoval•Host intrusion prevention—Includesvulnerabilityprotectionandapplicationblocking•Application whitelisting—Allowsonlyapprovedapplicationstorunonaprotecteddevice•Change control—Managessoftwareinstallationandupgradesandpreventsunapprovedchanges• Firewall—Providesdefensefromnetwork-basedattacks•Network IPS—Providesnetwork-basedmalwareprotection•Email and web security—Protectsagainstspamandmalwareaswellasoutbounddataloss•Vulnerability scanning—Identifiessystemsatriskandcorrelatesthreatstorisks

5. Risk and Vulnerability ManagementRisk:Thisdifficultyoftrackingvulnerabledevicesandthelocationofprotectedhealthinformationincreasesthepotentialofadatabreachandpossibilityofwillfulinfringementpenalties.

McAfee solution: Providesdatadiscoveryandvulnerabilitymanagementtoidentify,prioritize,andmitigatetherisksassociatedwithexternalandinternalthreatsanddatatheft.

•Data discovery—ScansaccessibledevicesforsensitiveinformationsuchasPHI•Vulnerability scanning—Identifiessystemsatriskandcorrelatesthreatstorisks•McAfee Policy Auditor—AutomatesprocessesforinternalandexternalITaudits•McAfee Remediation Manager—Automatesremediationofpolicynoncompliance•McAfee Risk Advisor—Proactivelycorrelatesthreats,vulnerabilities,andcountermeasures•Vulnerability and risk assessment services—Providesexpertisetohelpyouassessyourrisks

Optimized Security Architecture—The Value We Offer Organizations Like YoursNooneisbetterpositionedthanMcAfeetorelentlesslytacklethreatsfromeveryangleandhelpyousafeguardyourpatients,users,networks,andbillingsystems.McAfeesolutions,technologies,andaward-winningglobalresearchteamcoverthefullspectrum—theendpoint,thenetwork,thegateway,theInternet,andallpointsinbetween.

McAfee enables you to move from reactive to optimized—and in the process, reduce risk and cost.

Multilayered security connects processes and intelligence across systems and networks.McAfee’sintegratedapproachaccomplishesmorethananysingleelementalone,enablingITtofulfillbusinessrequirementsmoreefficientlywhilerespondingtothreatsswiftlyandeffectively.

Billing

?

?

McAfee and/or other noted McAfee related products contained herein are registered trademarks or trademarks of McAfee, Inc., and/or its affiliates in the U.S. and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any other non-McAfee related products, registered and/or unregistered trademarks contained herein is only by reference and are the sole property of their respective owners. © 2009 McAfee, Inc. All rights reserved. 7192brf_sol-healthcare_1009_ETMG

McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 888 847 8766 www.mcafee.com

Compliance is integrated into your security process. WithMcAfee,complianceandtheabilitytoprovecompliancearebuiltrightintoyoureverydaysecurityprocesses,sothatreportingandauditingissimplyanoutputoftheworkyourITteamalreadydoes.

McAfee Global Threat Intelligence offers a predictive approach to new threats. Abetterunderstandingofthethreathorizoniscriticaltomovingfromreactivetoproactive.

McAfee’s centralized platform manages your entire security portfolio. Toefficientlymanageallsecurityprocesses,theITorganizationneedsvisibilityacrosssystemsandnetworks,regardlessofwherethosesystemsandnetworksarelocated.

Throughourbroadsolutions,centralizedmanagement,integratedcompliance,andGlobalThreatIntelligence,McAfeeenablesyoutomoreeffectivelyprotectyourpatients,staff,systems,anddata.

About McAfeeMcAfee,Inc.,headquarteredinSantaClara,California,istheworld’slargestdedicatedsecuritytechnologycompany.McAfeeisrelentlesslycommittedtotacklingtheworld’stoughestsecuritychallenges.Thecompanydeliversproactiveandprovensolutionsandservicesthathelpsecuresystemsandnetworksaroundtheworld,allowinguserstosafelyconnecttotheInternet,browseandshopthewebmoresecurely.Backedbyanaward-winningresearchteam,McAfeecreatesinnovativeproductsthatempowerhomeusers,businesses,thepublicsectorandserviceprovidersbyenablingthemtoprovecompliancewithregulations,protectdata,preventdisruptions,identifyvulnerabilities,andcontinuouslymonitorandimprovetheirsecurity.http://www.mcafee.com.

Industry Brief McAfee Solutions for Healthcare