Trustwave for Health Care
A comprehensive and flexible portfolio for health care organizations wishing to protect their infrastructure, networks, data
Data breaches affecting the health care industry are often caused by accidents and human error. Now, targeted data loss incidents are becoming more common. And as breaches increase in prevalence, the value of this data is increasing in the criminal underground as well.
Overview:
The health care industry is comprised of hospitals, doctor’s offices, nursing homes, pharmacies, health insurance companies and more. In the United States, for example, some 600,000 establishments make up this industry, mostly the offices of practitioners. Hospitals comprise about 1 percent of all of the health care entities, but employ roughly 35 percent of workers.
More and more, each of these organizations deals with sensitive digital patient data, which can range from names and Social Security numbers to fingerprints and patients’ conditions to diagnoses. According to the Health Care Portability and Accountability Act (HIPAA), “covered entities” and their business associates must safeguard this data, which is known in the law as electronic protected health information (ePHI).
Medical data is becoming more vulnerable by the day. Studies have found that more than nine out of 10 health care organizations have sustained a data breach over the past two years. A recent report from the Health Information Trust Alliance revealed that more than 20 million health care records have been breached since 2009 — 96 percent through electronic means — at a total cost of $8 billion.
Organizations have been slow to identify the breaches, with the average time to detect almost 85 days. In addition, business associates — those third-party contractors that serve health care organizations — were responsible 58 percent of the time. And while many of these breaches are still due to human error, a vastly increasing number are malicious in nature, either caused by trusted insiders or external attackers.
Here are some of the factors and drivers that place health care organizations at growing risk:
Reactive Versus Proactive
Some health care organizations are behind the curve when it comes to preparing for security threats. Part of that is attributable to failing to maintain an adequate and updated risk assessment, something that is required by HIPAA. Should a health care organization experience a breach, regulators will penalize entities for failing to recognize the warning signs.
Commoditization
Medical data has soared in value on the black market as other sought-after information, such as credit card numbers, has become commoditized. Cybercriminals recognize the value of patient data, such as stolen health insurance numbers, to acquire medications and services.
Mobility
Doctors, nurses and administrators increasingly are using devices such as smartphones and tablets to access, receive, transmit and store patient information. This results in efficiency wins and improved patient care, yet these devices often lack basic security, such as access controls and encryption, making them vulnerable to malfeasance and data loss.
Health Information Exchanges
HIEs and electronic health records (EHRs) enable health care information to be shared across disparate systems and multiple providers, something that was nearly impossible to do in the past. But with government incentives to invest and advances in technology come new risks and challenges, including not only data protection but also determining who owns the data and what access patients have.
Solutions:
Trustwave offers a comprehensive and flexible portfolio for health care organizations wishing to protect their infrastructure, networks, data and users against today's advanced threats, while ensuring compliance with regulations and requirements such as HIPAA/HITECH and PCI DSS.
Risk Assessment Services
Helps you find, identify and prioritize threats to your organization so you can correct any deficiencies, and obtain and maintain compliance.
Data Loss Prevention
Allows you to discover and classify electronic protected health information and prevent it from leaving the network.
Network Access Control
Ensures managed and unmanaged devices connecting to the network comply with policies and do not introduce malware.
Two Factor Authentication
Serves as a token-less, cloud-based solution to prevent password interception and guessing, and approve legitimate users.
Secure Web Gateway
Enables safe and productive access to Web 2.0, while ensuring compliance, minimizing data loss and eliminating malware risks.
Web Application Firewall
Protects web applications against external attackers using web vulnerabilities, such as SQL injection, to steal patient information.
SIEM
Helps you gain broad visibility of threats to your network and improve your compliance process through logging, monitoring, and analysis of events.
Security Awareness Education
Instructs your employees and contractors to understand the threat of social engineering and follow best practices for security, including password management and the safe use of web and social media tools.
Penetration Testing
Identifies and manages potential vulnerabilities in your networks, applications or databases, and evaluates their ability to withstand attack.
Incident Readiness and Response
Allows your staff to proactively identify the indications of a breach and contain it quickly and effectively.
Benefits
Embrace BYOD
With health practitioners turning to mobile devices for the more seamless administration of patient care, we help you make the most of this phenomenon through real-time detection of managed and unmanaged devices to prevent threats, authenticate users, and protect data in case the devices are lost or stolen.
Risk Controls and Compliance
Regulatory pressures facing the health care industry require organizations to have a thorough understanding of their risks and then be able to implement policies and technology to rectify any shortfalls. Trustwave solutions are created with compliance in mind, and can map directly back to all of your requirements, no matter how prescriptive they are.
Fight Health Care Fraud
Whether it's an opportunistic insider snooping on sensitive patient data or an external attacker leveraging targeted malware to gain access to a system, Trustwave's data security safeguards protect sensitive information to mitigate fraud. Our solutions will help you discover and classify data that needs protection, and ensure it doesn't leave in the wrong hands.
Automate and Achieve Simplicity
Through our cloud-based TrustKeeper platform, you get a single view into your technologies and services, so you can more effectively manage your security program. In addition, you can centrally automate and manage controls, policies and procedures across multiple compliance frameworks. Whether your business is large or small or something in between, TrustKeeper is built to scale with you.
Documentation:
Download the Trustwave Security Awareness Education for Health Care Data Sheet (PDF).
Download the Trustwave Urgent Care Solutions Data Sheet (PDF).