Healthcare
Healthcare organizations are in the midst of a complete turn around with regard to
information security and privacy. Once defined by open environments and large
sprawling networks that interconnected to other hospitals, clinics, medical colleges
and research organizations, the healthcare facility today is moving to one of control,
confidentiality, integrity, and accountability.
Conversely, healthcare organizations are also challenged to make information more
available to physicians and patients. Patients want to access their medical data online.
Physicians want immediate access to lab reports and diagnosis - at times from remote
parts of the world. More and more medical devices are also being connected to large
healthcare networks, often with exposed commercial operating systems that control them.
The seemingly paradoxical demand in healthcare organizations today is increased
availability and security.
TippingPoint's Intrusion Prevention Systems (IPS)
are designed to meet the growing demands of increased availability, comprehensive security
and regulatory compliance for healthcare organizations:
-
HIPAA - Health Insurance Portability
and Accountability Act
HIPAA is aimed to improve the efficiency of healthcare data and processing through the
standardization of administrative and financial data transactions, while protecting the
privacy and integrity of patient information.
Integrating the TippingPoint into a healthcare network addresses many of the HIPAA requirements
for securing protected health information. The TippingPoint IPS protects by:
- Protecting against unauthorized access to the network and malicious attacks against
networked equipment and medical systems
- Providing constant vigilance against emerging vulnerabilities
- Provides detailed reporting options for reviewing network behavior and blocked attacks
-
FDA Section 510(k) of the Food,
Drug and Cosmetic Act
Medical devices have become critically exposed to software vulnerabilities and the threat of
viruses and worms. FDA regulations specific to medical device manufacturers pose several
challenges:
- Any changes, including patches, impact the integrity and operations of the device
- All devices must go through rigid validation process to ensure operability
- Failure to comply results in FDA penalties and in the worst case, harm to patients
With the sensitivity of networked medical equipment, any attack against a network can have
devastating affects. The TippingPoint IPS provides a complete solution, including specific filter
protection for underlying operating systems of medical devices. Additional categories of filters
in the TippingPoint IPS provide enhanced protection against malicious attacks that can cripple network
services and accesses required for this medical equipment.
-
FDR 21 Code of Federal
Regulation Part 11
FDA regulations establish requirements for the acceptance of electronic records and signatures,
in lieu of paper records and written signatures, which must be reviewed and securely archived.
TippingPoint provides a solution to protect against these access and security issues, ensuring the
proper authorization of network users, data transfer, and traffic security. The TippingPoint IPS
provides a powerful tool to maintain a "Closed Systems" for healthcare provider institutions
(except those conducting research, like an academic medical center). For these organizations,
the IPS provides integrity and extensive protection from unauthorized access and hacking. Through
network isolation using a network IPS strategy and deployment, a regulated organization can ensure
that the closed environment is sealed and secured.
University of Washington Medical Case Study
Wellstar Health System Case Study
For more information, download our white paper: "Securing Critical Data and IT Infrastructure in Healthcare Environments."
RSS FEEDS