Blog Listing

Halloween Scary Security Stories – Healthcare Security Risks
Halloween Scary Security Stories – Healthcare Security Risks
This week, I took part in Network World’s annual real-life scary security stories podcast, a panel hosted by Keith Shaw that looks at some of the most frightful security incidents over the past year. This year, I focused on some of the data security incidents that are becoming all too common in the healthcare industry.
2009 Identity Management Mid-Year Report:  A brief look back and ahead
2009 Identity Management Mid-Year Report: A brief look back and ahead
Back in January, I shared some of my observations on 2009 Priorities for identity management in the new economic reality people are faced with - productivity, security and manageable IT projects. This year’s economics have forced people to do more with less, manage tighter budgets and maintain enterprise security while dealing with re-orgs and layoffs. While 2008 was the worst year to date for data breaches, 2009 hasn’t been much better if you look at this chronology of data breaches, including the recently disclosed incident at Goldman Sachs. The Identity Theft Resource Center keeps tabs as well, and has a nice snapshot of high-profile data breaches. Many of these are the result of unauthorized access, some combined with placing malicious code on servers or laptops to siphon off data. It’s amazing the methods that are being used to access systems, steal data, sometimes extort money and always damage reputations. Potential impact of the Goldman Sachs’s unauthorized upload of proprietary software is still under investigation, but information on how easy it was to pull off makes for scary reading. Given the potential impact of data breaches, there has been significant progress made to tighten access to systems, so let’s review some of the relevant things that are happening in identity management. Following are three areas, I believe, we need to watch for in the latter half of 2009...
Tips and Tricks for selecting Strong Authentication
Tips and Tricks for selecting Strong Authentication
Strong authentication can come in a variety of forms, each with it's own unique strengths and weaknesses. Before selecting a type of strong authentication, think about the following:
Inside the Insider Threat
Inside the Insider Threat
Insider threat is among the biggest challenges security folks face in 2008. The perimeter is dissolving with increased reliance on distributed computing and the mobile workforce, making it more difficult than ever to put up definitive walls around the enterprise. It's a simple reality that we all have to deal with. Check out last month's 2008 Global Information Security Workforce Study conducted by Frost & Sullivan for ISC(2) and SearchSecurity.com's coverage. Two-factor authentication using biometrics as well as physical-logical convergence will gain speed in dealing with the insider threat.
Welcome, Jim Whelan, VP of Imprivata’s North American Healthcare Group
Welcome, Jim Whelan, VP of Imprivata’s North American Healthcare Group
I’m excited to join Imprivata at a time where healthcare IT, patient data security and clinician workflow efficiencies are front and center in boardrooms and nurses' stations across the country’s healthcare institutions. With more than 500 hospitals on the customer roster, one million healthcare users and strategic relationships with all of the popular HIS vendors, Imprivata has built a strong foundation that was very attractive for me to join and bring my experiences. Imprivata’s healthcare pedigree enables us to focus on delivering practical innovations for solving real-world problems surrounding simplifying and securing user access in hospital environments.
Identifying Identity Resources, Part II
Identifying Identity Resources, Part II
Back when this blog was in its infancy, we outlined a number of identity management resources that readers should check out. Those blogs are still on the “must-read” list, but there are a number of new ones that have popped up that people interested in identity and access management may find useful...
Medical ID Theft and Tying Patients to Electronic Records with Strong Authentication
Medical ID Theft and Tying Patients to Electronic Records with Strong Authentication
The New York Times recently published an interesting article on the rising problem of medical identity theft. When the federal government last researched the issue in 2007, more than 250,000 Americans reported that they were victims of medical identity theft. Since that last report, most experts agree the problem has undoubtedly grown, in part because of the growing use of electronic medical records built without extensive safeguards. To exacerbate the situation, cleaning up after medical ID theft can be hindered by HIPPA compliance – the regulations protect the medical information of the ID thieves as well as you.
InSights from the Lone Star state
InSights from the Lone Star state
Hundreds of McKesson customers converged in Grapevine, Texas this past week to learn what their peers are doing and to get the latest product updates from McKesson. Infrastructure upgrades was a common theme this year for many of the attendees I spoke to, with virtualization in particular continuing to rise in priority. Many hospitals had partially or completely virtualized their data center, and some had even virtualized all their desktops.
Congrats to OhioHealth’s Jim Lowder on making the InfoWorld CTO 25
Congrats to OhioHealth’s Jim Lowder on making the InfoWorld CTO 25
Just a quick post to congratulate OhioHealth's CTO Jim Lowder on being named to
VMworld 2011: From the Show Floor-  Part 2
VMworld 2011: From the Show Floor- Part 2
Day 2 is now in full swing at VMworld 2011. We had a very busy Day 1 yesterday. While the show attendance was clearly impacted by Irene, it sure feels like there are 15,000+ VMworld attendees here in sunny Vegas.
VMworld 2011: From the Show Floor Part 1
VMworld 2011: From the Show Floor Part 1
I’m extremely excited about our participation in this year’s show particularly the opportunity to demonstrate the results of our collaboration and integration with some of our partners. Imprivata is working in conjunction with VMware, Teradici, Dell, and VCE to showcase our joint solutions, which showcase VMware View serving up virtual desktops,
Imprivata Professional Services Announces New Services Offerings Portfolio
Imprivata Professional Services Announces New Services Offerings Portfolio
Professional Services are not something that should only be considered during the initial implementation of Imprivata OneSign. As our customer base has grown through the years, we’ve seen their personnel come and go, departments change, infrastructure develop and new technology appear. What doesn’t change is the need to provide simple secure access even though regulations get more rigorous and security threats become greater.
Imprivata Zeroes in on VMworld 2011
Imprivata Zeroes in on VMworld 2011
Head over to the Imprivata booth #1070 to take a look at the tech preview of the joint development between Teradici and Imprivata. And just in case it’s too busy to get close, you can also see it at the VMware, Teradici, Dell and VCE stands. Yes, it’s that cool. While you’re there, ask Michelle for some sonic rocks – I hear they’re kind of fun...
From  Imprivata Booth 118 at Siemens Innovations – Las Vegas
From Imprivata Booth 118 at Siemens Innovations – Las Vegas
The Siemens show has been fantastic. What a great group of people, from Siemens and their customers, as well as all the other great Siemens partners that are participating. What are we hearing? Signing on to desktops and applications is extremely painful! Remembering all the different passwords, trying to type them in while a patient is waiting for you, the time it takes for the applications to load… We need to simplify access to EMR and hospital IT systems for our clinicians! For those that know Imprivata, and for those that have been introduced to us this week, the response has been consistent; We can simplify access saving clinicians 15 minutes per day and help drive EMR adoption.
2,246 Eligible Professionals and 100 Hospitals Successfully Attest to Meaningful Use
2,246 Eligible Professionals and 100 Hospitals Successfully Attest to Meaningful Use
The Meaningful Use Analysis presented at the recent HIT Policy Committee Meeting indicates that 2,246 Eligible Professionals and 100 Hospitals have attested successfully. That’s a good start to EHR Adoption; with Stage 2 potentially delayed for these earlier adopters it will be interesting to see how many more attest to Meaningful Use in 2011.
Wanted:  A cure for medical data breaches.
Wanted: A cure for medical data breaches.
Data breaches in healthcare are certainly not new. Most data breaches today occur when electronic patient information (known as "protected health information" or PHI in the HIPAA regulation) is stored unencrypted on a device that is lost or stolen. All of the data breach laws in effect today state that as long as the data or device are encrypted, there is no data breach and therefore no liability or legal remedy. So if it's that easy, why do the number of breaches in healthcare continue to grow at alarming rates?
Radiologists adopt single sign-on for fast access to applications
Radiologists adopt single sign-on for fast access to applications
As leaders in technology adoption, Radiologists are starting to look to biometrics to help provide No Click Access to the various systems and places they nee
Who is impacted by the move of Stage 2 Meaningful Use?
Who is impacted by the move of Stage 2 Meaningful Use?
On November 30, 2011 HHS announced that they approve of the proposed push of Stage 2 Meaningful Use from 2013 to 2014 that has been talked about since July of this year. But who does this decision really impact?
Ponemon Institute Study Quantifies How Single Sign-On Can Save Hospitals Time and Money
Ponemon Institute Study Quantifies How Single Sign-On Can Save Hospitals Time and Money
Study spotlights the value of single sign-on solutions for hospitals seeking meaningful use credits. An eye-opening new study that was just released from the Ponemon Institute revealed roughly 60 percent of the more than 400 healthcare IT respondents believe that single sign-on (SSO) solutions support their organizations’ efforts to demonstrate the “meaningful use” of EMR adoption.
No Click Access from zero clients? It’s just another client right?
No Click Access from zero clients? It’s just another client right?
Today, Teradici have released Teradici PCoIP® Firmware release 3.5. Within this firmware update is code specifically designed to integrate with a new API from Imprivata that enables full No Click Access™ from a Teradici-enabled PCoIP zero client. This integration supports strong authentication with just the tap of an access card or ID badge to automate the process of bringing the user directly to their virtual desktop.