
Identity 360 - An Imprivata Blog




Halloween Scary Security Stories – Healthcare Security Risks

October 30, 2009 at 11:28 AM by David Ting

 

 

This week, I took part in Network World’s annual real-life scary security stories podcast, a panel hosted by Keith Shaw that looks at some of the most frightful security incidents over the past year.  This year, I focused on some of the data security incidents that are becoming all too common in the healthcare industry.

 

It seems like we read about a new healthcare-related data breach every other week – whether it's celebrity records being exposed, or a case like the Virginia Department of Health exposing more than 8 million patient records.  For security officers and CIOs in healthcare, a bigger scare is found in the new fines imposed by states like California, where organizations are fined up to $250,000 for each data breach incident.

 

These incidents, and the harsh penalties being enacted, have forced the healthcare industry to take a closer look at their security practices.  Most organizations understand the need for strong authentication – using technologies such as biometric fingerprints to ensure that only the properly credentialed can access sensitive data.  While this prevents the wrong people from accessing your systems, it doesn’t address the growing concern of unintentional data breaches caused through inadvertent access.

 

Inadvertent access occurs when someone is authenticated into a system, but accidentally leaves the access open on the workstation they’re using.   Here’s one story I shared with Keith:

 

· A customer I spoke with had a small clinical practice with 3 examination rooms – each containing a computer.  As the nurse walks in, she securely authenticates into the workstation to log patient data.  When she’s finished, she locks the station and goes to get the doctor.  As the doctor comes in to see the patient, he re-authenticates into the system and adds in his patient notes and diagnosis, then leaves to check on another patient – leaving the system unlocked.   The patient now has access to his medical records and can see all the notes the doctor wrote – while having the ability to access other records in the system.

 

In the instance above, the healthcare organization was sued by the patient, who actually looked at his own record and didn’t like the information the doctor wrote about him.

 

Scary stuff – despite properly authenticating users, unintentionally leaving the system open created a security hole that circumvented these controls.  I’ve blogged about the importance of walk-away security in the past, which can close the other side of the security gate and prevent unintentional access from occurring.

 

Have a scary security story to share?  Email me and let me know.

 

Tags:  security risks, data security, strong authentication, biometric fingerprints


From HIPAA Compliance to HITECH – Reforming Healthcare Security

September 22, 2009 at 3:10 PM by David Ting

Khalid Kark of Forrester Research recently issued a useful whitepaper that outlines the security reforms needed to improve patient data security in the healthcare industry. A complimentary copy of the Forrester whitepaper, “Healthcare Security: Ready or not, Here it Comes,” can be downloaded from the Imprivata website.

The whitepaper highlights four key reasons why healthcare organizations are falling behind on security. Khalid provides a comprehensive set of recommendations to help healthcare organizations address these challenges – these are near and dear to what we do here every day. I thought I would share some of the insights gathered from work with our many healthcare customers.

I’ll tackle two of these issues in today’s post, and address the remaining ones in a subsequent posting.

1. Basic security technologies and processes are missing:
Kark correctly states that many CISOs struggle to get management’s attention on security issues and are limited in the resources they have to address the critical security risks they face. Bill McQuaid, CIO for Parkview Adventist Medical Center, recently spoke about how they were able to achieve Stage 6 HIMSS Analytics status, despite their relatively small size. Deploying strong authentication technologies, like fingerprint biometrics, considerably increases clinician productivity, while ensuring that only properly credentialed users have access to sensitive information. This combination of security along with greater user productivity is sure to gain the attention of any manager.

2. Security spending lags behind other leading industries

As Khalid notes in his whitepaper, higher spending doesn’t necessarily equate to stronger security. What matters is using the dollars and resources you do have wisely. The days of enterprise-wide projects that take years to complete are over. By identifying the immediate areas of risk and implementing projects that yield immediate results, you can protect your organization, while demonstrating a quick ROI – this can come in handy when fighting for more dollars to spend on additional projects.

What are the main obstacles you’re facing in securing your organization? Share your story.
David

Tags:  Fingerprint biometrics, HIPAA compliance, data security, security risks, strong authentication


HITECH Grants – Earmark Dollars for Data Security Too

August 27, 2009 at 7:09 PM by David Ting

In February 2009, the Obama administration announced that $2.0 billion in grant money will be made available to help hospitals and other health care providers transition to electronic health records (EHR). This past Monday, the White House took a big step and launched the first of two grant programs under the HITECH Act, which lays the groundwork for EHR.

The grant will be used to create what the HITECH Act calls the Health Information Technology Regional Extension Centers. These regional centers will play a major role in implementing a nationwide system of health information networks.
According to the Health and Human Services website, these centers will help hospitals select EMR technology, provide assistance on the implementation front, and ensure that the hospitals are complying with all regulatory and legal requirements to protect the patient’s health information.

While it’s encouraging that the regional centers will have a strong focus on enterprise security, it’s critically important that HITECH doesn’t become a HIPAA-like paper tiger of passive regulations with little accountability. As I’ve blogged previously, the universal adoption of EHR significantly increases the vulnerabilities for a security breach of patient information. Security assurance remains a primary hurdle to the widespread adoption of EHR, but technologies like strong authentication, including fingerprint biometrics, proximity cards, etc., are now widely available and can fulfill the promise of EHRs by significantly minimizing the security risks.

Khalid Kark of Forrester Research just issued a compelling whitepaper on how HITECH can strengthen information security across healthcare – accomplishing what HIPAA ultimately may have failed to do. If you’re moving forward on EMRs and have questions about security, you can download a complimentary copy of the Forrester whitepaper, “Healthcare Security: Ready or not, Here it Comes,” from the Imprivata website.

I’d be interested in hearing how HITECH may impact your hospital’s move towards EHRs, and what role you think these centers can play in facilitating your timely implementation.

Tags:  security risks, Fingerprint biometrics, security breach, enterprise security, strong authentication, HIPAA, data security


2009 Desktop Virtualization Survey – Understanding the New Security Risks

August 18, 2009 at 4:00 PM by David Ting

Last December, I blogged about the growing interest in implementing desktop virtualization (VDI) and the enterprise security challenges companies would face in this new environment. As with any new technology, the best way to learn what is really happening is to listen to the field. With that in mind, we polled executives across industries to understand the rate of VDI adoption and recently released the results as part of the “2009 Desktop Virtualization Survey.”

While organizations are increasingly embracing VDI/hosted virtual desktop as a way to reduce IT costs associated with desktop maintenance, there are still security concerns and fundamental challenges facing these companies as they change to this new desktop delivery vehicle. Most of these concerns center around managing user identities, roles and enforcing access policies.

In a VDI environment, user identities become relevant in multiple points within the virtual desktop, making the coordination and enforcement of access policies a more difficult task. Having a centralized way to manage user identities, roles and access policies is critical. This is true however you choose to deliver desktops to your users.

To help deal with these security challenges, the survey found organizations are increasingly turning to strong authentication solutions such as fingerprint biometrics and proximity cards to associate a user identity to the desktop so an authentication and policy can be applied to control the type of desktop the user can access. This type of strong authentication ensures the desktop is being used by a properly credentialed user and provides the critical step in managing role-based access at the desktop level.

As the unique security challenges of VDI become better known, I expect we’ll see a greater emphasis on multiple forms of strong authentication to coordinate user IDs and access policies, which will enable organizations to overcome the final barrier to realizing the true potential of VDI solutions.

I’ll be discussing this and more in an upcoming webinar with Forrester’s Natalie Lambert; go here to register.

Have you implemented VDI in your organization? Are you on that track? Let me know what challenges you’re facing.

Tags:  enterprise security, security risks, strong authentication, Fingerprint biometrics
