Today’s modern networks require flexibility to allow workers to work from multiple locations. One of the most common methods to achieve remote network access is a Virtual Private Network (VPN). VPN’s can come in all shapes and sizes, from hosted to on-premises, to in the cloud, and can be built to fit all needs. However, one topic that is often overlooked is whether or not to allow VPN users to utilize split tunneling. Webopedia defines split tunneling as “The process of allowing a remote VPN user to access a public network, most commonly the Internet, at the same time that the user is allowed to access resources on the VPN.” The idea is a user has a tunnel to the corporate network to access any apps or shared drives through the VPN connection while still utilizing the local internet connection of the remote user for access to the web or local resources.
Council Members Provide Expertise on Various Security and Privacy Programs of Interest to Healthcare Industry
Intraprise Health is pleased to announce that Ryan Patrick and Melissa Hawkins have been appointed to the HITRUST CSF Assessor Council. In its second year, the HITRUST CSF Assessor Council includes members representing a broad range of experience in information security and privacy. Appointees work closely with HITRUST to ensure and evolve HITRUST’s integrity, effectiveness and efficiency.
“We are honored to be appointed to the HITRUST CSF Assessor Council,” said Ryan Patrick, Senior Vice President and leader of Intraprise Health’s HITRUST practice. “Together with my colleague, Melissa Hawkins, we look forward to working closely with HITRUST to both learn from them and give them the benefit of our 8 years of field experience as a HITRUST Assessor firm.”
Certified Assessors since 2011, Intraprise Health (formerly BluePrint HIT) is completely focused on healthcare. With specifically designed programs for health systems, business associates and payers, Intraprise Health’s proven methodology and certification program management tools have helped healthcare organizations of all sizes achieve HITRUST certification. Intraprise Health’s broad range of security services include:
- HITRUST Certification services
- HIPAA Security Risk Analysis
- Education and Awareness Training
- Vulnerability/Penetration Testing
- Security Risk Assessments
- Third Party Risk Management
For more information about Intraprise Health and our HITRUST CSF services, please click here.
To register for our upcoming HITRUST CEP, being held in Malvern, PA on August 28 click here.
To register for our San Francisco CEP, to be held September 10, click here.
BluePrint Protect™ Security Risk Management Software Manages and Automates Security
YARDLEY, Pennsylvania, August 13, 2019 – Utilizing more than a decade of expertise in security and technology for healthcare clients, Intraprise Health has created BluePrint Protect™ Security Risk Management Software. BluePrint Protect™ was created to help organizations efficiently manage and automate their security program, starting with one of the most pressing needs for any organization, Third-Party (Security) Risk Management, or TPRM.
Utilizing its intuitive, modern interface, BluePrint Protect™ customers gain a comprehensive, ongoing and dynamic view of their enterprise-wide third-party risks by automating TPRM processes and leveraging Intraprise Health’s third-party/vendor knowledge base, or “Third-Party Assessment Cloud.” Security team members, users from across an organization’s supply chain and their third parties can access or be connected to the platform to collaborate and communicate in real-time. BluePrint Protect™ drives task management and reporting to accelerate milestone completion, thereby reducing the resource burden and time commitment for all involved, especially the customer’s security team.
“BluePrint Protect™ is a unique software and service-delivery platform designed to solve some of the biggest cybersecurity challenges that health systems, payers, pharma companies and their third-party vendors must deal with today and into the future,” Intraprise Health CEO Sean Friel says. “It’s the first-ever healthcare-focused workflow automation and visualization platform designed by certified healthcare cybersecurity professionals for Chief Information Security Officers (CISOs) and their security teams.”
In addition to serving as a platform for delivering Intraprise Health’s healthcare industry-leading TPRM services, some unique BluePrint Protect™ features include:
- Cyber Risk Index and Enterprise Risk Register
- Healthcare-specific software to automate workflows, enable collaboration to drive efficiencies and scale
- Visualization tools and dashboard for a “single-pane of glass” view of enterprise-wide security risks
- Automation and acceleration of key Information Security Office functions
Steven Goriah, Westchester Medical Center Health Network’s Vice President of Information Technology/CIO and Chief Information Security Officer, recognizes the need to holistically manage third-party risk. “WMCHN has partnered with Intraprise Health for several years to build a robust and certified information security program including the implementation of our TPRM processes. Going through a security risk assessment is a rigorous and time-consuming process for everyone involved. We expect the use of BluePrint Protect™ along with their TPRM services will deliver more efficiencies and a better experience for all stakeholders including our third-party vendors and partners.”
These features can help reduce the costly possibility of breaches. Each breached health record costs organizations on average $380 per record. The HIPAA Journal estimates there were 2,546 healthcare data breaches involving more than 500 records between 2009 and 2018. The breaches resulted in the theft or exposure of almost 190M healthcare records. “That equates to more than 59% of the population of the United States,” the HIPAA Journal states. “Healthcare data breaches are now being reported at a rate of more than one per day.”*
About Intraprise Health
Intraprise Health is a healthcare focused cybersecurity solutions firm and a certified HITRUST Assessor with extensive experience in the NIST Cybersecurity Framework. Providing health information security products and services to assess, remediate and monitor cybersecurity risk, Intraprise Health’s services include penetration testing, medical device security, third-party (vendor) risk management, phishing exercises and business impact analysis. Intraprise Health’s newest product, BluePrint ProtectÔ, helps organizations efficiently manage and automate their third party risk management program, providing hospitals and health systems with a comprehensive, ongoing and dynamic view of their enterprise wide third party risks and automating and accelerating key information security office functions. Intraprise Health received a 97.2 rating in the 2018 KLAS Cybersecurity Services report in the Advisory Focused Firm category.
September 19 at 12 EST.
Is it time for your annual Security Risk Assessment? The importance of an SRA is clear — it helps healthcare organizations ensure their physical, technical, and administrative safeguards are compliant with HIPAA requirements. It also assists in showing areas where an organization might be putting PHI and other sensitive information at risk. Sign Up Now
Organizational Resilience and Security Risk Assessments
The importance of a Security Risk Assessment is clear — it helps healthcare organizations ensure their physical, technical, and administrative safeguards are compliant with HIPAA requirements. It also assists in showing areas where an organization might be putting PHI and other sensitive information at risk.
The Challenge of Medical Devices:
Medical devices represent significant exposure and potential vulnerability to healthcare organizations.
There are thousands of medical devices in use even in small medical operations. These devices are generally made to meet a specific use, and not often created with security at top of mind. They are also essential to keep functioning in order for health systems to operate. The volume, use, and design of medical devices combine therefore to present a unique challenge for healthcare security. Read More