Today’s modern networks require flexibility to allow workers to work from multiple locations. One of the most common methods to achieve remote network access is a Virtual Private Network (VPN). VPNs come in all shapes and sizes, from hosted to on-premises to in the cloud, and can be built to fit all needs. However, one topic that is often overlooked is whether to allow VPN users to utilize split tunneling. Webopedia defines split tunneling as “The process of allowing a remote VPN user to access a public network, most commonly the Internet, at the same time that the user is allowed to access resources on the VPN.” The idea is that a user has a tunnel to the corporate network to access any apps or shared drives through the VPN connection while still utilizing the remote user’s local internet connection for access to the web or local resources.
Council Members Provide Expertise on Various Security and Privacy Programs of Interest to Healthcare Industry
Intraprise Health is pleased to announce that Ryan Patrick and Melissa Hawkins have been appointed to the HITRUST CSF Assessor Council. In its second year, the HITRUST CSF Assessor Council includes members representing a broad range of experience in information security and privacy. Appointees work closely with HITRUST to ensure and evolve HITRUST’s integrity, effectiveness and efficiency.
“We are honored to be appointed to the HITRUST CSF Assessor Council,” said Ryan Patrick, Senior Vice President and leader of Intraprise Health’s HITRUST practice. “Together with my colleague, Melissa Hawkins, we look forward to working closely with HITRUST to both learn from them and give them the benefit of our 8 years of field experience as a HITRUST Assessor firm.”
Certified Assessors since 2011, Intraprise Health (formerly BluePrint HIT) is completely focused on healthcare. With specifically designed programs for health systems, business associates and payers, Intraprise Health’s proven methodology and certification program management tools have helped healthcare organizations of all sizes achieve HITRUST certification. Intraprise Health’s broad range of security services include:
- HITRUST Certification services
- HIPAA Security Risk Analysis
- Education and Awareness Training
- Vulnerability/Penetration Testing
- Security Risk Assessments
- Third Party Risk Management
For more information about Intraprise Health and our HITRUST CSF services, please click here.
To register for our upcoming HITRUST CEP, being held in Malvern, PA on August 28 click here.
To register for our San Francisco CEP, to be held September 10, click here.
More than 81% of U.S. hospitals and health systems and 80% of U.S. health plans use the HITRUST Common Security Framework (CSF). It provides an implementation standard that is understood and accepted throughout the healthcare industry. Having HITRUST certification in place shows other healthcare entities that you take your security seriously.
You and your cybersecurity colleagues have done your research. You know the HITRUST framework is top-notch and addresses federal and state regulations and several security frameworks. Executives of your organization see the value in HITRUST’s CSF that will help you assess and manage your organization’s information security. You’ve got the green light. Where do you go from here? Education. From executive leadership to front-line employees, everyone needs to understand and accept the level of effort and commitment it takes to properly adopt the HITRUST CSF. Organize educational sessions with stakeholders and identify an organizational champion (someone who is very visible, respected and influential in the organization) to assist in sending the message.
What’s next?: Engaging staff throughout the organization
By Joshua Perri
In today’s networks, having a strong defense at the perimeter points is not sufficient to keep your data safe. The IT landscape moves very quickly and so do the threats that we face. Strong networks will implement additional defenses to protect the internal boundary points. These additional defenses will ideally vary in strength and type between segments, which house data of varying sensitivity levels. The healthcare industry has been slowly adopting stricter network segmentation and role-based access throughout the entirety of its networks.
Value for healthcare security – Not just a government planning tool
Government defense and response agencies from the Pentagon to FEMA, from state government to the EPA, have been conducting tabletop exercises (TTXs) for years. Why? In a word: they work. Cybersecurity attacks against our government’s critical infrastructures have been increasing in number and complexity, and have led to the development of cybersecurity exercises as a strategic way for an organization to test its detection and response actions, as well as its response to information security threats and vulnerabilities, in a real-time environment.
Today, covered entities and business associates are addressing a wide range of regulatory requirements necessary to solve the growing complexities in the healthcare industry. Evolving technologies, migration to the cloud, and cyber threats like ransomware are just a few top-of-mind issues. Combine those with regulations under HIPAA, Meaningful Use, PCI, COBIT and ISO, and you will find that covered entities and business associates need a way to manage their security programs more effectively.
Organizational Resilience and Security Risk Assessments
The importance of a Security Risk Assessment is clear — it helps healthcare organizations ensure their physical, technical, and administrative safeguards are compliant with HIPAA requirements. It also assists in showing areas where an organization might be putting PHI and other sensitive information at risk.
Transport Layer Security (TLS), and its predecessor Secure Sockets Layer (SSL), have come under scrutiny by security researchers and advisors in the wake of numerous vulnerabilities that plague their older versions. SSL/TLS are cryptographic protocols utilized while web browsing, emailing, and using Voice over IP (VoIP) services.
The Challenge of Medical Devices:
Medical devices represent significant exposure and potential vulnerability to healthcare organizations.
There are thousands of medical devices in use even in small medical operations. These devices are generally made to meet a specific use, and not often created with security at top of mind. They are also essential to keep functioning in order for health systems to operate. The volume, use, and design of medical devices combine therefore to present a unique challenge for healthcare security.
Intraprise Health (formerly BluePrint Security Services) was rated in the advisory focused firm category, scoring 97.2* out of a possible 100 points. The cybersecurity firm was praised by hospital and health system clients for five key areas – mitigating security risks, healthcare knowledge, a unique audit methodology, strategic expertise, and tailoring services to client need (Customer Interview Details, Page 69 – Cybersecurity Services 2018.).