Thycotic helps protect patient data, safeguard against malware attacks, and demonstrate HIPAA compliance
WHAT’s the challenge
To meet the Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements, healthcare organizations must maintain a secure IT environment that restricts access to digital medical records and protected health information (PHI).
WHY it’s important
Failure to properly safeguard patient privacy and data can be very costly to healthcare institutions, with recent high-profile penalties ranging from hundreds of thousands to millions of dollars.
HOW we solve it
Thycotic provides comprehensive Privileged Access Management and Security solutions that secure privileged account passwords and lock down applications, endpoints, and OS configurations to help healthcare organizations secure patient data and demonstrate HIPAA compliance.
Citing data from the Office for Civil Rights…more than 155 million Americans have had their medical information exposed without their permission since 2009. This stems from approximately 1,500 breach incidents.
– HealthITsecurity.com, May 06, 2016
Meeting the HIPAA Security Rule for IT
With digital medical records, patient online portals, and other electronic methods of healthcare data management, maintaining a secure network is critical to meeting the Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements. HIPAA’s security requirements are made up of several technical security measures, which require covered entities to maintain reasonable safeguards for protecting electronic protected health information (PHI).
To protect patient data, IT teams need to take a comprehensive approach to network security in addressing both external and internal threats through:
- Defensive measures like firewalls, encryption, anti-virus software, and regular testing.
- Tracking user activity and knowing who is doing what and when, especially for network systems.
- Limiting or restricting user access to various file systems, servers, and other network equipment.
- Establishing strong policies for password security, including password complexity and requirements for frequent rotation.
PRIVILEGED PASSWORD SECURITY
Focus on protecting privileged IT accounts
IT accounts, such as IT admin accounts or application/service accounts, each grant a specific level of access on the network. Typically IT teams share these credentials amongst themselves to gain access to equipment and services as needed. This makes it very difficult to know who exactly is accessing which device and to restrict access amongst IT staff. In addition, healthcare organizations can have hundreds, if not thousands, of privileged accounts, each with its own password. To maintain proper security and help demonstrate compliance, healthcare IT departments need to automate the management and enforcement of privileged account credential security.
Thycotic helps close the gap between compliance and a secure IT environment
While HIPAA has standards such as access control, authentication procedures, transmission security, and audit control to protect PHI, these compliance standards do not necessarily cover the local IT admin accounts or domain accounts, which access and run dependencies on machines storing or interacting with the PHI. Without HIPAA mandating how entities should manage access and rotation of these accounts, the Department of Health and Human Services’ (HHS) research has shown an increase in malicious targeting of healthcare IT systems. Targeted attacks such as ransomware take advantage of the 243 days that HHS found it takes for most HIPAA compliant environments to detect malicious activities.
Thycotic’s Secret Server is a solution for closing the gap between meeting compliance mandates and making your technical environment truly secure. Secret Server Password Management Software manages the availability, rotation, and integrity of privileged accounts that allow access to electronic Protected Health Information.
Thycotic Secret Server creates a centralized, encrypted location for password storage, the ability to restrict access by role, full auditing of credential usage, and automatic password changing. Add a custom security policy to Secret Server to automatically change passwords at required times, enforce password length and complexity requirements, and ensure sensitive systems maintain a high level of access control and oversight over privileged accounts. Those are just a few features in Secret Server that are able to protect access to your e-PHI data as well as ensure that your company is meeting HIPAA Security Rule requirements.
These are nervy times for HIPAA covered entities, and now more than ever, it is essential that those responsible for safeguarding PHI take time to understand the details of the HIPAA Privacy, Security and Breach Notification rules.
– HealthITsecurity.com, April 28, 2016
Endpoint security for
Protect endpoints from malware and secure users with Least Privilege Access
Local administrator rights have become a necessary evil in healthcare network environments. Because of the unfettered access these rights provide, administrator accounts and privileges are one of the most common targets of hackers and cyber-criminals. Once gained, administrator privileges allow an attacker to install malware, steal information from the system, compromise other systems, and stage additional attacks against domains, servers and other devices within the network. Limiting access to administrator rights, however, presents challenges that impact your trusted users since legitimate software often requires administrator rights to be properly installed.
Fortunately, Thycotic offers easy-to-manage and simple tools that can help you mitigate these risks by promoting a Least Use Privilege strategy for all users on all your Windows endpoints. Thycotic Application Control Solution, for example, enables organizations to limit the need for providing Administrator rights to end users, business users and IT admins while providing a flexible and dynamic framework for allowing safe, trusted software to be installed as required. This means that malicious software can’t be installed, even accidentally, protecting your systems from a variety of the most common hacker attacks.
Adhering to this Least Use Privilege strategy allows organizations to mitigate the risk from over 90% of the Critical-rated vulnerabilities from Microsoft for Windows and reduces the ability for hackers to infiltrate and attack these target systems.
Thycotic helps you lock down Windows applications, endpoints, and OS configurations
Healthcare organizations today need to lock down desktops and stop malware and ransomware attacks that can have devastating and costly consequences. That means removing IT admin privileges from most users to lower risk, and limiting privileges for IT admins to improve security. The powerful combination of three solutions within Thycotic’s Endpoint Security Remediation Suite helps ensure that you can stop malware attacks at the endpoint to limit an attacker’s ability to move beyond their initial point of entry.
Stop exploits such as malware and ransomware at the endpoint
Thycotic provides comprehensive endpoint privilege management and security solutions that:
- Assure least privilege application control.
- Enable administrative user group management.
- Demonstrate security compliance and automated remediation.