Blog Listing

SSO and Password Management Best Practices
Imprivata’s Geoff Hogan authored an article for Security Technology Executive last month titled, “Passwords in Peril” that delves into the password management conundrum that organizations face with the growing number of applications that employees use daily. While the article summarizes succinctly the helpdesk costs issue, employee productivity and the data security vulnerabilities that a runaway password management problem causes, it also highlights effective single sign-on (SSO) strategies and tactics to overcome these challenges. I wanted to take this opportunity to pull out a couple of SSO and Password Management best practices that Geoff covered, while adding a couple more...
Tunneling into a Data Breach: The Problem with Remote Access and the Terminated Employee
Another insider unauthorized access incident came across my radar just as I put the finishing touches on my most recent blog post highlighting Lesmany Nunez’s case being the latest example of a disgruntled employee breaching a network. As of today, the most current remote access security breach involves Danielle Duann, an IT director of a nonprofit organ and tissue donation center.
Identity Management Trends in PCI Compliance Survey Findings
The other week, we announced some findings from a survey conducted over the past couple of months aimed at understanding where authentication and access management sits in the eyes of those concerned with Payment Card Industry (PCI) data security standards (DSS). With PCI publishing the latest PCI Data Security Standard 1.2 on Oct. 1, 2008, this online survey highlighted some interesting trends as companies work toward compliance. Here are a few stats to briefly call out...
One Small Step for e-Prescriptions, One Giant Leap for Healthcare
The merger between RxHub and SureScripts has garnered extensive coverage - here, here and here, among others. This is a huge step forward for standardizing on, and speeding the adoption of, electronic prescriptions. It is significant progress, and the latest of many advancements the healthcare sector is driving forward. There is one area of the electronic prescriptions story though that is missing from all of the stories around the RxHub/SureScripts merger, though it's an important piece of the equation - authenticating that the prescription drug order is legitimate, and truly from an approved physician. Electronic transactions are easier and quicker, sure, but so is the potential for misuse and fraud.
User Access Relevance in a HITECH Age-Imprivata
The National Institute of Standards and Technology (NIST) published its Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule back in late 2008, but, spurred by a jolt of healthcare IT investment driven by HITECH mandates, it has renewed relevance today. From a user access perspective, there are important technical safeguards outlined in the area of Access Control, Audit Control, Integrity, and Person or Entity Authentication that are worth calling out. Specific Key Activities within these technical safeguards criteria you should review include...
Evaluating SSO solutions? Be sure to ask the right questions
The right single sign-on (SSO) solution can resolve your password management issues. However, some SSO solutions raise as many issues as they promise to solve—the cost of purchase can be quite high, and the complexity of implementation and management can overwhelm IT departments. As you start your SSO vendor evaluation process, it’s important to know what questions to ask to ensure that you have a thorough understanding of the complete solution including product features and functionality, implementation and deployment, and ongoing management. Sample questions across important categories include...
Miami Incident Illustrates Insider Breach Trend
I was reading the recent security breach news about Lesmany Nunez, a former IT administrator who was recently sentenced to a year and one day in federal prison for computer fraud. Mr. Nunez was an employee at Miami-based Quantum Technology Partners (QTP) and three months after his employment ended, he was still able to access the company’s network with an administrator password. What he did then was break into QTP’s servers, shut them down, change the system administrators’ passwords and erase files, all of which ended up costing QTP more than $30,000.
Financial Services CIOs, Insider Threats and the Human Behavior
I've had a few conversations lately tied around the topic of the insider threat in the financial services arena, so I figured I'd scan around the Web to see what's out there and came across an interesting InfoWorld article. Though it is from last Fall, it hits on a number of concerns that are timely now, especially given the major breaches like Societe Generale. The article reports on a Deloitte study that highlights two major data points that I want to call out:
EMR Adoption.. How Fast?
Recent survey results released show only 50.7% of U.S. hospitals with implemented electronic medical records (EMRs). While transitioning to a paperless system seems to be a logical evolution in the health care system, the rather slow rate of EMR adoption does not surprise me. Even with the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) in February 2009 which attached a monetary incentive to implementation, technologies that do not seamlessly fit into clinicians’ day-to-day activities, improve patient care, and enable them to work more efficiently fail to achieve widespread acceptance. In order to improve EMR adoption rates in the U.S., we must provide doctors with tools that do not disrupt time spent with the patients, while enhancing their ability to access vital information quickly and efficiently.
VMworld 2011: From the Show Floor - Part 3
The highlight of today was undoubtedly the customer panel in the session Healthcare and the Journey to the Cloud- State of the Industry.
The Meaning Behind Meaningful Use
There's been a lot of talk and focus on the Meaningful Use provisions of the HITECH Act. I worry that we're becoming too focused on the details of Meaningful Use, and losing the bigger picture. The government instituted the Meaningful Use criteria and incentives because they believe that electronic medical records can improve quality of care and access to care – but only if the EMR solutions are actually deployed and used. Hence Meaningful Use.
Is Your Agency in Compliance with the FBI CJIS Advanced Authentication Security Policy?
Many agencies that I’ve spoken to are not aware of the Advanced Authentication requirements of the FBI CJIS Security Policy 5.6.2.2 and are therefore not aware that they may be in breach of this requirement. This video will quickly enable you to find out whether you may be in breach and how Imprivata can put you back in compliance.
Mahaska Webinar - Q&A
Last month, Kristi Roose from Mahaska Health Partnership joined me for a live webinar that discussed deploying SSO and Strong Authentication, and the steps you can take to get to Meaningful Use faster. If you missed the webinar, you won't want to miss this -- we've gone ahead and transcribed our answers from the Q&A session. Question 1: How long did it take to roll a unit out to all the departments and how long did it take to see acceptance to the change? Answer: We approached these rollouts one unit at a time, and the time frame depended on the number of users. Usually it took about 1-2 weeks per unit to make sure that everyone was comfortable with the product. Once the unit was rolled out acceptance was immediate; customers were grateful for the product and relieved to be able to access data more easily. It was a relief for their workflow.
VMworld 2011: From the Show Floor- Part 2
Day 2 is now in full swing at VMworld 2011. We had a very busy Day 1 yesterday. While the show attendance was clearly impacted by Irene, it sure feels like there are 15,000+ VMworld attendees here in sunny Vegas.
VMworld 2011: From the Show Floor Part 1
I’m extremely excited about our participation in this year’s show particularly the opportunity to demonstrate the results of our collaboration and integration with some of our partners. Imprivata is working in conjunction with VMware, Teradici, Dell, and VCE to showcase our joint solutions, which showcase VMware View serving up virtual desktops,
Imprivata Professional Services Announces New Services Offerings Portfolio
Professional Services are not something that should only be considered during the initial implementation of Imprivata OneSign. As our customer base has grown through the years, we’ve seen their personnel come and go, departments change, infrastructure develop and new technology appear. What doesn’t change is the need to provide simple secure access even though regulations get more rigorous and security threats become greater.
Imprivata Zeroes in on VMworld 2011
Head over to the Imprivata booth #1070 to take a look at the tech preview of the joint development between Teradici and Imprivata. And just in case it’s too busy to get close, you can also see it at the VMware, Teradici, Dell and VCE stands. Yes, it’s that cool. While you’re there, ask Michelle for some sonic rocks – I hear they’re kind of fun...
From Imprivata Booth 118 at Siemens Innovations – Las Vegas
The Siemens show has been fantastic. What a great group of people, from Siemens and their customers, as well as all the other great Siemens partners that are participating. What are we hearing? Signing on to desktops and applications is extremely painful! Remembering all the different passwords, trying to type them in while a patient is waiting for you, the time it takes for the applications to load… We need to simplify access to EMR and hospital IT systems for our clinicians! For those that know Imprivata, and for those that have been introduced to us this week, the response has been consistent: We can simplify access, saving clinicians 15 minutes per day, and help drive EMR adoption.
2,246 Eligible Professionals and 100 Hospitals Successfully Attest to Meaningful Use
The Meaningful Use Analysis presented at the recent HIT Policy Committee Meeting indicates that 2,246 Eligible Professionals and 100 Hospitals have attested successfully. That’s a good start to EHR Adoption; with Stage 2 potentially delayed for these earlier adopters it will be interesting to see how many more attest to Meaningful Use in 2011.
Wanted: A cure for medical data breaches.
Data breaches in healthcare are certainly not new. Most data breaches today occur when electronic patient information (known as "protected health information" or PHI in the HIPAA regulation) is stored unencrypted on a device that is lost or stolen. All of the data breach laws in effect today state that as long as the data or device are encrypted, there is no data breach and therefore no liability or legal remedy. So if it's that easy, why does the number of breaches in healthcare continue to grow at alarming rates?