BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Unified Vulnerability Management for Healthcare

Post by Morey Haber April 20, 2011

Today’s businesses are facing greater regulatory demands, increasing vulnerabilities, a rapid shift to digital business processes, and flat budgets.  The healthcare industry is no different and shares the same problems as almost every other vertical; how to keep sensitive data secure. Regardless of patient information, billing and payment data, and historical medical information, protecting an individual’s rights and securing the transmission of data (paper and electronic) is one of the fundamental principles for HIPAA (Health Insurance Portability and Accountability Act of 1996). How industry manages these problems is based on the fundamental characteristics all business use to store and process large quantities of data; computers. Almost every vertical has some form of government (or private like PCI) regulation that has been enacted in the last 20 years to safe guard consumers and businesses from loose processes and malicious intent. They all share a common theme for managing vulnerabilities and controlling risk. For information technology, this is defined as Unified Vulnerability Management and all regulatory initiatives can be distilled down to the common information technology processes for managing the security of user and business data.

Meeting HIPAA requirements, according to an eEye study, takes as much as 50% of your workweek. And as if compliance itself wasn’t challenging enough, you now also need to protect against highly sophisticated attacks on healthcare organizations. eEye enables the healthcare sector to keep up with the growing and complex issues of vulnerability management by providing a solution that has been tailored specifically to the needs the industry requires. Retina addresses the security and privacy of health data through vulnerability assessment and endpoint protection by providing Administrative and Technical Safeguard Controls (HIPAA Section 508) and documenting risk analysis and management programs.

By using eEye’s Unified Vulnerability Management solution, Retina can identify the asset, associated risks, and vulnerabilities, and allow a complete review of the data in the proper context all the way through the remediation stage and final verification of fixes.   eEye complete solution incorporates a sophisticated events management system to manage the entire process and minimize resources needed to undertake this critical security initiative.

In the following five steps, a user can meet healthcare regulations and obtain compliance with business objectives using Retina:

  1. Identify all network assets regardless of function and connectivity (wired and wireless)
  2. Report security risks by vulnerabilities, regulatory compliance (HIPAA), and improper configurations.
  3. Mitigate and remediate vulnerability and security risks.
  4. Reassess and confirm mitigation steps are correct and processes are working within guidelines.
  5. Provide trending and reporting to document long term process requirements.

And, most importantly start at step one again on a periodic basis (normally monthly) to ensure the process is ongoing and maintained.

For more information on how eEye can assist your healthcare business, please click here. Unified Vulnerability Management from eEye has been designed to streamline your processes and provide you the toolsets to make regulatory compliance for healthcare a simple process to follow.

Leave a Reply

Additional articles

smart rules manager for vulnerabilities - v2

A New Way of Looking at Vulnerabilities in Your Environment

Assets, users, vulnerabilities and exploits; all are common themes in my posts on BeyondInsight. With BeyondInsight v5.1, we unveiled a new way to view exploitable assets. Sure, most vulnerability management solutions link vulnerability data to exploit information, allowing tools like NeXpose and QualysGuard to list an asset, its vulnerabilities, and any related exploits. BeyondInsight does…

Post by Morey Haber April 23, 2014
Tags:
, , , , ,
smart rules manager for vulnerabilities

Staying on Top of the Latest Vulnerabilities with BeyondInsight v5.1

It’s no secret that dozens of new OS and application vulnerabilities are revealed every day. Staying on top of these new exposures normally requires paying for services or subscribing to multiple RSS feeds. BeyondInsight 5.1 provides customers with another option: a built-in, customizable vulnerability alerting system that delivers up-to-date information on the latest vulnerabilities in…

Post by Morey Haber April 21, 2014
Tags:
, , , , , ,
BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,