•  

    Health Care

  • Data breaches affecting the health care industry are often caused by accidents and human error. Now, targeted data loss incidents are becoming more common. And as breaches increase in prevalence, the value of this data is increasing in the criminal underground as well.

Overview

  • The health care industry is comprised of hospitals, retail urgent care facilities, nursing homes, pharmacies, health insurance companies and more. In the United States, for example, some 10,000 establishments currently make up the Urgent Care industry, mostly in suburban locations scattered across the country. Hospitals, on the other hand, comprise about 1 percent of all of the health care entities, but employ roughly 35 percent of all workers.

    More and more, each of these organizations deals with sensitive electronic Protected Health Information (ePHI), which can range from names and Social Security numbers to fingerprints and patients’ conditions to diagnoses. The Health Information Portability and Accountability Act (HIPAA) requires that “covered entities” and their business associates safeguard ePHI or risk paying heavy fines, notifying their customers of breaches and damaging their reputations. Additionally, healthcare organizations that accept credit cards for direct pay patients or copays are also subject to the compliance requirements for the Payment Card Industry or PCI.

    This combination of ePHI and financial data is becoming more valuable by the day. Studies have found that organized crime is increasingly targeting healthcare entities because health records are worth more and are easier to get. In fact, more than half of the breaches that occurred in 2014 involved healthcare activities or their business associates.

    Organizations have been slow to identify the breaches, with the average time to detect almost 85 days. In addition, business associates — those third-party contractors that serve health care organizations — were responsible 58 percent of the time.


  • Here are some of the factors and drivers that place health care organizations at growing risk:

  • Reactive Versus Proactive

    Some health care organizations are behind the curve when it comes to preparing for security threats. Part of that is attributable to failing to maintain an adequate and updated risk assessment, something that is required by HIPAA. Should a health care organization experience a breach, regulators will penalize entities for failing to recognize the warning signs.

  • Commoditization

    Medical data has soared in value on the black market as other sought-after information, such as credit card numbers, has become commoditized. Cybercriminals recognize the value of patient data, such as stolen health insurance numbers, to acquire medications and services.

  • Mobility

    Doctors, nurses and administrators increasingly are using devices such as smartphones and tablets to access, receive, transmit and store patient information. This results in efficiency wins and improved patient care, yet these devices often lack basic security, such as access controls and encryption, making them vulnerable to malfeasance and data loss.

  • Health Information Exchanges

    HIEs and electronic health records (EHRs) enable health care information to be shared across disparate systems and multiple providers, something that was nearly impossible to do in the past. But with government incentives to invest and advances in technology come new risks and challenges, including not only data protection but also determining who owns the data and what access patients have.

Solutions

  • Trustwave offers a comprehensive and flexible portfolio for health care organizations wishing to protect their infrastructure, networks, data and users against today's advanced threats, while ensuring compliance with regulations and requirements such as HIPAA/HITECH and PCI DSS.

  • Urgent Care Solutions Bundle 

    A comprehensive solution addressing both HIPAA / HITECH and PCI compliance specifically tailored for Urgent Care facilities and operators.

    Risk Assessment Services 

    Helps you find, identify and prioritize threats to your organization so you can correct any deficiencies, and obtain and maintain compliance.

    Data Loss Prevention 

    Allows you to discover and classify electronic protected health information and prevent it from leaving the network.

    Network Access Control 

    Ensures managed and unmanaged devices connecting to the network comply with policies and do not introduce malware.

    Two Factor Authentication 

    Serves as a token-less, cloud-based solution to prevent password interception and guessing, and approve legitimate users.

    Secure Web Gateway 

    Enables safe and productive access to Web 2.0, while ensuring compliance, minimizing data loss and eliminating malware risks.

    Web Application Firewall 

    Protects web applications against external attackers using web vulnerabilities, such as SQL injection, to steal patient information.

    SIEM 

    Helps you gain broad visibility of threats to your network and improve your compliance process through logging, monitoring, and analysis of events.

    Security Awareness Education 

    Instructs your employees and contractors to understand the threat of social engineering and follow best practices for security, including password management and the safe use of web and social media tools.

    Penetration Testing 

    Identifies and manages potential vulnerabilities in your networks, applications or databases, and evaluates their ability to withstand attack.

    Incident Readiness and Response 

    Allows your staff to proactively identify the indications of a breach and contain it quickly and effectively.

Benefits

    • Embrace BYOD

      With health practitioners turning to mobile devices for the more seamless administration of patient care, we help you make the most of this phenomenon through real-time detection of managed and unmanaged devices to prevent threats, authenticate users, and protect data in case the devices are lost or stolen.

    • Risk Controls and Compliance

      Regulatory pressures facing the health care industry require organizations to have a thorough understanding of their risks and then be able to implement policies and technology to rectify any shortfalls. Trustwave solutions are created with compliance in mind, and can map directly back to all of your requirements, no matter how prescriptive they are.

    • Fight Health Care Fraud

      Whether it's an opportunistic insider snooping on sensitive patient data or an external attacker leveraging targeted malware to gain access to a system, Trustwave's data security safeguards protect sensitive information to mitigate fraud. Our solutions will help you discover and classify data that needs protection, and ensure it doesn't leave in the wrong hands.

    • Automate and Achieve Simplicity

      Through our cloud-based TrustKeeper platform, you get a single view into your technologies and services, so you can more effectively manage your security program. In addition, you can centrally automate and manage controls, policies and procedures across multiple compliance frameworks. Whether your business is large or small or something in between, TrustKeeper is built to scale with you.
