mcafee solutions for healthcare - ingram micro brief mcafee solutions for healthcare 4. protecting...
TRANSCRIPT
Security is an Important Part of Your Health Information Systems
Electronic health information systems (HIS) promise to reduce operational expenses, increase productivity, and improve care quality. Security must be considered when implementing an HIS. Providers need be sure that their security matches their new electronic environment. It is no longer enough to install anti-virus and assume that health information and systems will remain secure.
Increasing Risks (and Penalties) for Healthcare OrganizationsIn February 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act increased penalties for North American healthcare providers guilty of data breach. It provided for:•Stronger powers of enforcement by
state Attorneys General• Increased monetary penalties
for breaches•Mandatory disclosure requirements
for data breaches•Required compliance audit within 12 months
McAfee Solutions for HealthcareNoninvasive protection for patient care
Intherapidlychanginghealthcareindustry,doctorsandotherstaffwantgreaterflexibilitytousenewtechnologyintheworkplace.Butincreasedflexibilityalsomeansincreasedrisks,includingdataloss,vulnerabilitytomalware,andviolationoftheHIPAAPrivacyRule.McAfeehealthcaresolutionsaddressthisneed,enablingyoutoprotectaccesstosensitivedata,meetregulatoryrequirementssuchasHIPAAandPCI,andachievetheefficienciesnecessaryforsuccessinahighlycompetitiveindustry.
Balancingflexibilityanddataprotectionhasbeenaparticularlydifficultgoalforthehealthcare.Ontheonehand,thepenaltiesfordatabreachesareincreasingdramatically,whileFDAregulationsrestrictchangestomedicaldevices.Ontheotherhand,doctorsandotherhealthcareprovidersareeagerforfasteraccesstoinformation,whichhelpsthemprovidebettercaretopatients.Toachievethepromisedbenefitswithoutincreasingrisk,McAfeerecommendsthathealthcareorganizationsdeployanoptimizedsecurityarchitecture.
McAfee’soptimizedsecurityarchitectureprovidesprotectionagainstemergingthreatswhileenablinghealthcareproviderstoutilizethelatesttechnologies.McAfeeprovidesthisprotectionwhilereducingthesecurityfootprint(oroverhead),notonlyfacilitatingthefreeflowofsecureinformation,butalsoreducingITresourcesrequiredtoimplementandmaintainsecureaccess.WithMcAfee,healthcareorganizationsreducethecostofsecurityandminimizetheirrisks,anddoctorsgainefficienciesandimprovetheirabilitytodeliverexcellentcare.
Test Results
Referrals
@
Billing
Diagnosis
?
?
Centralized Management
Securing protectedhealth information
at rest
Securing protectedhealth information
in motion
Protecting criticalinfrastructure
Securing medicaldevices
Managing risk and vulnerability
Industry Brief
Industry Brief McAfee Solutions for Healthcare
McAfeesolutionsforhealthcareprovidersshareacentralizedsecuritymanagementplatformtoreducethemaintenanceburdenforsecurityandregulatorycompliance.Thecentralizedsecuritymanagementplatformenablesdatasecurity,networksecurity,policymanagement,monitoring,auditing,andthereportingrequiredforPCIandHIPAAcompliance.
1. Securing Protected Health Information at Rest Risk: Theuseoflaptopsandmobiledevicesincreasestheriskthatprotectedhealthinformation(PHI)willbeaccessedbyunauthorizedindividuals.AlostorstolendevicewithunencrypteddataconstitutesabreachifthedeviceissecuredwithonlysimplepasswordprotectionandcontainsanyunsecuredPHI.
McAfee solution: Protectsdeviceswitheasy-to-manage,low-footprintencryptionthatmeetsHIPAA/HITECHencryptionlevels,minimizingthepossibilityofdatalossandthesubsequentneedtosendbreachnotifications.
• Full-disk encryption—Securespatientdataonlaptopsandcomputers•Mobile device encryption—Encryptsdata(includingclassifiedmail)onmobilephones• File/folder encryption—Automaticallyencryptsfilescopiedfromaserver•Removable media encryption—AutomaticallyencryptsdatacopiedtoUSBdrives•Virtual disk encryption—Supportsvirtualenvironments•Device control—LimitswhichUSBdevicescanbeattachedtoacomputer
2. Securing Protected Health Information in Motion Risk:Transmissionofprotectedhealthinformationacrossanetworkthroughunprotectedemailorotherelectronicfiletransfersincreasesriskofdatabreach.
McAfee solution: Transparentlyencryptsdatatransmissionandmonitorspatientinformationtopreventinadvertentormalicioustransmissionviaemail,instantmessenger,printing,web,etc.,whetherbystafformalware.
•Network data-loss prevention—Transparentlyanalyzesthenetworktopreventloss•Host data-loss prevention—BlocksPHIdatafrombeingsentbyacomputer•Encryption of emails—EnsuresPHIinformationisalwaysencryptedintransit•McAfee eBusiness Server—Encryptsandcompressesinformationbetweenservers
3. Securing Medical DevicesRisk: Malwarecandisruptnotonlycomputersbutotherhealthcaredevices.Becauseoftheiroperatingsystems,MRImachines,heartratemonitors,andtabletcomputersarealsosusceptibletomalwarethatspreadsacrossanetwork.
McAfee solution: ProtectsmedicaldevicessuchasmedicaltabletPCsandotherthinclientdevicesalongwithMRI-CADscanners.Preventsattackswithlow-footprintintegritycheckingandisincorporatedintomoreandmorevendors’premarketapprovedbuilds
•Application whitelisting—Preventsinstallationofunwantedprograms•Change control—Managessoftwareinstallationandupgradesandpreventsunapprovedchanges• “Gold master” comparison—Checksthatdeviceshavenotbeenmodified•Vulnerability scanning—Identifiessystemsatriskandcorrelatesthreatstorisks
Test Results
Referrals
@
Diagnosis
Industry Brief McAfee Solutions for Healthcare
4. Protecting Critical InfrastructureRisk: DisruptiontoclinicalservicesandbillingcanoccurifpoorprotectionallowsexternalattackstodisruptcriticalinfrastructureorcompromisePHI.Damagetoreputationcanalsooccur.
McAfee solution: Utilizesreal-timeglobalthreatintelligencetostayaheadofchangingthreats,helpingyouavertsystemdowntimeandunauthorizedaccessofPHI.
•Anti-virus and anti-spyware—Includesmalwaredetectionandremoval•Host intrusion prevention—Includesvulnerabilityprotectionandapplicationblocking•Application whitelisting—Allowsonlyapprovedapplicationstorunonaprotecteddevice•Change control—Managessoftwareinstallationandupgradesandpreventsunapprovedchanges• Firewall—Providesdefensefromnetwork-basedattacks•Network IPS—Providesnetwork-basedmalwareprotection•Email and web security—Protectsagainstspamandmalwareaswellasoutbounddataloss•Vulnerability scanning—Identifiessystemsatriskandcorrelatesthreatstorisks
5. Risk and Vulnerability ManagementRisk:Thisdifficultyoftrackingvulnerabledevicesandthelocationofprotectedhealthinformationincreasesthepotentialofadatabreachandpossibilityofwillfulinfringementpenalties.
McAfee solution: Providesdatadiscoveryandvulnerabilitymanagementtoidentify,prioritize,andmitigatetherisksassociatedwithexternalandinternalthreatsanddatatheft.
•Data discovery—ScansaccessibledevicesforsensitiveinformationsuchasPHI•Vulnerability scanning—Identifiessystemsatriskandcorrelatesthreatstorisks•McAfee Policy Auditor—AutomatesprocessesforinternalandexternalITaudits•McAfee Remediation Manager—Automatesremediationofpolicynoncompliance•McAfee Risk Advisor—Proactivelycorrelatesthreats,vulnerabilities,andcountermeasures•Vulnerability and risk assessment services—Providesexpertisetohelpyouassessyourrisks
Optimized Security Architecture—The Value We Offer Organizations Like YoursNooneisbetterpositionedthanMcAfeetorelentlesslytacklethreatsfromeveryangleandhelpyousafeguardyourpatients,users,networks,andbillingsystems.McAfeesolutions,technologies,andaward-winningglobalresearchteamcoverthefullspectrum—theendpoint,thenetwork,thegateway,theInternet,andallpointsinbetween.
McAfee enables you to move from reactive to optimized—and in the process, reduce risk and cost.
Multilayered security connects processes and intelligence across systems and networks.McAfee’sintegratedapproachaccomplishesmorethananysingleelementalone,enablingITtofulfillbusinessrequirementsmoreefficientlywhilerespondingtothreatsswiftlyandeffectively.
Billing
?
?
McAfee and/or other noted McAfee related products contained herein are registered trademarks or trademarks of McAfee, Inc., and/or its affiliates in the U.S. and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any other non-McAfee related products, registered and/or unregistered trademarks contained herein is only by reference and are the sole property of their respective owners. © 2009 McAfee, Inc. All rights reserved. 7192brf_sol-healthcare_1009_ETMG
McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 888 847 8766 www.mcafee.com
Compliance is integrated into your security process. WithMcAfee,complianceandtheabilitytoprovecompliancearebuiltrightintoyoureverydaysecurityprocesses,sothatreportingandauditingissimplyanoutputoftheworkyourITteamalreadydoes.
McAfee Global Threat Intelligence offers a predictive approach to new threats. Abetterunderstandingofthethreathorizoniscriticaltomovingfromreactivetoproactive.
McAfee’s centralized platform manages your entire security portfolio. Toefficientlymanageallsecurityprocesses,theITorganizationneedsvisibilityacrosssystemsandnetworks,regardlessofwherethosesystemsandnetworksarelocated.
Throughourbroadsolutions,centralizedmanagement,integratedcompliance,andGlobalThreatIntelligence,McAfeeenablesyoutomoreeffectivelyprotectyourpatients,staff,systems,anddata.
About McAfeeMcAfee,Inc.,headquarteredinSantaClara,California,istheworld’slargestdedicatedsecuritytechnologycompany.McAfeeisrelentlesslycommittedtotacklingtheworld’stoughestsecuritychallenges.Thecompanydeliversproactiveandprovensolutionsandservicesthathelpsecuresystemsandnetworksaroundtheworld,allowinguserstosafelyconnecttotheInternet,browseandshopthewebmoresecurely.Backedbyanaward-winningresearchteam,McAfeecreatesinnovativeproductsthatempowerhomeusers,businesses,thepublicsectorandserviceprovidersbyenablingthemtoprovecompliancewithregulations,protectdata,preventdisruptions,identifyvulnerabilities,andcontinuouslymonitorandimprovetheirsecurity.http://www.mcafee.com.
Industry Brief McAfee Solutions for Healthcare