Login to your TrustKeeper Portal Account
Thank You. One of our sales specialists will be in touch shortly.
Speak with a Trustwave sales specialist to learn more.
Data breaches affecting the health care industry are often caused by accidents and human error. Now, targeted data loss incidents are becoming more common. And as breaches increase in prevalence, the value of this data is increasing in the criminal underground as well.
The health care industry is comprised of hospitals, retail urgent care facilities, nursing homes, pharmacies, health insurance companies and more. In the United States, for example, some 10,000 establishments currently make up the Urgent Care industry, mostly the in suburban locations scattered across the country. Hospitals on the other hand, comprise about 1 percent of all of the health care entities, but employ roughly 35 percent of all workers.
More and more, each of these organizations deals with sensitive electronic Protected Health Information (ePHI), which can range from names and Social Security numbers to fingerprints and patients’ conditions to diagnoses. The Health Information Portability and Accountability Act (HIPAA) requires that “covered entities” and their business associates safeguard ePHI or risk paying heavy fines, notifying their customers of breaches and damaging their reputations. Additionally, healthcare organizations that accept credit cards for direct pay patients or copays, are also subject to the compliance requirements for the Payment Card Industry or PCI.
This combination of ePHI and financial data is becoming more valuable by the day. Studies have found that organized crime is increasingly targeting healthcare entities because health records are worth more and are easier to get. In fact, more than half of the breaches that occurred in 2014 involved healthcare activities or their business associates.
Organizations have been slow to identify the breaches, with the average time to detect almost 85 days. In addition, business associates — those third-party contractors that serve health care organizations — were responsible 58 percent of the time.
Here are some of the factors and drivers that place health care organizations at growing risk:
Some health care organizations are behind the curve when it comes to preparing for security threats. Part of that is attributable to failing to maintain an adequate and updated risk assessment, something that is required by HIPAA. Should a health care organization experience a breach, regulators will penalize entities for failing to recognize the warning signs.
Medical data has soared in value on the black market as other sought-after information, such as credit card numbers, have become commoditized. Cybercriminals recognize the value of patient data, such as stolen health insurance numbers, to acquire medications and services.
Doctors, nurses and administrators increasingly are using devices such as smartphones and tablets to access, receive, transmit and store patient information. This results in efficiency wins and improved patient care, yet these devices often lack basic security, such as access controls and encryption, making them vulnerable to malfeasance and data loss.
HIEs and electronic health records (EHRs) enable health care information to be shared across disparate systems and multiple providers, something that was nearly impossible to do in the past. But with government incentives to invest and advances in technology come news risks and challenges, including not only data protection but also determining who owns the data and what access patients have.
Trustwave offers a comprehensive and flexible portfolio for health care organizations wishing to protect their infrastructure, networks, data and users against today's advanced threats, while ensuring compliance with regulations and requirements such as HIPAA/HITECH and PCI DSS.
A comprehensive solution addressing both HIPAA / HITECH and PCI compliance specifically tailored for Urgent Care facilities and operators.
Helps you find, identify and prioritize threats to your organization so you can correct any deficiencies, and obtain and maintain compliance.
Allows you to discover and classify electronic protected health information and prevent it from leaving the network.
Ensures managed and unmanaged devices connecting to the network comply with policies and do not introduce malware.
Serves as a token-less, cloud-based solution to prevent password interception and guessing, and approve legitimate users.
Enables safe and productive access to Web 2.0, while ensuring compliance, minimizing data loss and eliminating malware risks.
Protects web applications against external attackers using web vulnerabilities, such as SQL injection, to steal patient information.
Helps you gain broad visibility of threats to your network and improve your compliance process through logging, monitoring, and analysis of events.
Instructs your employees and contractors to understand the threat of social engineering and follow best practices for security, including password management and the safe use of web and social media tools.
Identifies and manages potential vulnerabilities in your networks, applications or databases, and evaluates their ability to withstand attack.
Allows your staff to proactively identify the indications of a breach and contain it quickly and effectively.
With health practitioners turning to mobile devices for the more seamless administration of patient care, we help you make the most of this phenomenon through real-time detection of managed and unmanaged devices to prevent threats, authenticate users, and protect data in case the devices are lost or stolen.
Regulatory pressures facing the health care industry require organizations to have a thorough understanding of their risks and then be able to implement policies and technology to rectify any shortfalls. Trustwave solutions are created with compliance in mind, and directly can map back to all of your requirements, no matter how prescriptive they are.
Whether it's an opportunistic insider snooping on sensitive patient data or an external attacker leveraging targeted malware to gain access to a system, Trustwave's data security safeguards protect sensitive information to mitigate fraud. Our solutions will help you discover and classify data that needs protection, and ensure it doesn't leave in the wrong hands.
Through our cloud-based TrustKeeper platform, you get a single view into of your technologies and services, so you can more effectively manage your security program. In addition, you can centrally automate and manage controls, policies and procedures across multiple compliance frameworks. Whether your business is large or small or something in between, TrustKeeper is built to scale with you.
2016 Trustwave Global Security Report
Urgent Care Solutions
HIPAA Compliance Pre-Assessment
Health Care Technologies for HIPAA
HIPAA Compliance Readiness
HIPAA Risk Assessment
Trustwave Security Awareness Education for Health Care
2015 Security Health Check Report