
The Challenge of Securing Hard to Patch Servers in Health Care Environments

White Paper Published By: Blue Lane

The healthcare industry has benefited from the breakneck pace of digitization - spanning everything from payments to patient records to X-ray film - but it has also been increasingly exposed to greater risk. Efforts to increase healthcare provider productivity via increased digitization and system interconnectivity have to be counterbalanced against the growing concerns for patient privacy and a backdrop of increasing liability.



Tags : 
healthcare, health care, patient privacy, privacy, patch management, patch, patch server, hipaa

Blue Lane
Published:  Oct 01, 2007
Type:  White Paper
Length:  8 pages

Overview
The healthcare industry has benefited from the breakneck pace of digitization - spanning everything from payments to patient records to X-ray film - but it has also been increasingly exposed to greater risk. Efforts to increase healthcare provider productivity via increased digitization and system interconnectivity have to be counterbalanced against the growing concerns for patient privacy and a backdrop of increasing liability.
In the wake of these concerns, a number of regulations have emerged for IT professionals in the healthcare industry to navigate. Beyond the standard set of IT security concerns that most IT departments must confront, many of the systems utilized in healthcare not only require special vulnerability management efforts but also fall under the auspices of the US Food and Drug Administration (FDA), which complicates things further. Another pain point specific to the industry is the proliferation of embedded systems or medical devices that operate with their own unique set of security challenges.
To manage these challenges, IT professionals in the healthcare industry turn to the typical array of security solutions used by their counterparts across other industries. Network intrusion prevention systems (IPS) are utilized to segment and defend the network. Patch management tools are used to quickly roll out security patches. Unfortunately, perimeter-oriented network IPS require ongoing operational resources, from constant tuning to the management of "noise" due to false alarms. Security patches may mitigate vulnerabilities but are resource intensive to install, require time to test and validate, and may introduce new risks and problems.
Blue Lane's patch protection gateway, PatchPoint™, provides inline vulnerability remediation for server operating systems, databases, enterprise applications and medical devices, offering instant application protection with zero footprint, zero downtime, and zero tuning. PatchPoint utilizes inline patches that are functionally equivalent to software security patches. An inline patch mimics the corrective action of the security patch for network-accessible vulnerabilities, no matter how complex, to address the vulnerability at the root cause.
Regulatory Compliance
Unlike other industries that may experience inconveniences or financial losses that stem from security events, healthcare organizations in the United States are directed by several federal initiatives that mandate the implementation of rigorous security and privacy controls. The most widely publicized initiative of recent years is the Health Insurance Portability and Accountability Act (HIPAA). If the healthcare organization also happens to be a public company then additional efforts must be devoted to IT security in order to achieve Sarbanes-Oxley (SOX) compliance. Additionally, the Food and Drug Administration and its policies also require the attention of IT professionals because usage (and security) of most medical devices falls under the guidance of the FDA. Below is a brief synopsis of each initiative and its impact on healthcare providers:
• HIPAA is perhaps the most widely recognized regulation that directly impacts healthcare providers. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the use of electronic data interchange in the US health care system. There are two sets of standards stemming from HIPAA: Privacy standards that seek to protect patient data from improper disclosure or use and security standards that safeguard patient data from unauthorized access. The security portion is further subdivided into three safeguard standards: administrative, technical and physical. Among the key applicable HIPAA standards that pertain to the patching challenges mentioned ab...
