Six Keys to Healthcare IT Security and Compliance

Michael Rasmussen, Corporate Integrity; Chris Merritt, Lumension
Safeguarding electronic protected health information (ePHI) has proved quite challenging for many healthcare organizations. In fact, 80 percent of responding healthcare organizations had experienced at least one incident of lost or stolen electronic health information in the past year*.

Regulators have clamped down, enforcing HIPAA Security Rule requirements with more regularity and instituting heavy financial penalties and additional audit requirements on non-compliant organizations. Add in HITECH, PCI DSS and many state data protection/breach notification laws and the data protection compliance burden for healthcare organizations is greater than ever before.

Yet many organizations continue to address each security regulation as one-off projects and rely on compliance by spreadsheet, which is a surefire way to extend the cost, time, errors, and resources needed to complete audits – up to a 50 percent higher spend on compliance than necessary**. Not only is such an approach more costly, but it does not provide the necessary visibility into an organization’s IT risk so that ePHI can be effectively safeguarded against future threats.

This webcast will examine six keys to cost-effectively ensuring IT security and compliance in the healthcare space.

* Ponemon Institute, Electronic Health Information at Risk: A Study of IT Practitioners, 2009
** IT Policy Compliance Group, Managing Spend on Information Security and Audit for Better Results, February 2009
Mar 10 2010
64 mins
Six Keys to Healthcare IT Security and Compliance
  • Channel
  • Channel profile
Up Down
  • Point of Sale Systems: How to Stop Critical Entry Points for Malware Recorded: Feb 20 2014 62 mins
    Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack.

    During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems.

    •3 Critical Entry Points to POS System Attacks
    •Impacts to an Organization
    •Top 3 Security Measures to Minimize Risk
  • 2014 Data Protection Maturity Trends. How Do You Compare? Recorded: Jan 28 2014 57 mins
    In 2012 we found that the BYOD environment and the consumerization of the workplace had turned traditional notions of corporate IT upside down. In this webcast, we’ll look at the results from the 3rd annual survey and look at how mobility has changed the way IT teams are managing their devices, how effective their efforts are, and their biggest concerns.

    During this webcast we will look at each of data protection trends, helping you define best practices for your organization to address the top concerns. We’ll also show you how you can gauge the maturity of your security systems, allowing you to plug any holes before your valuable data starts to leak through them.
  • Greatest IT Security Risks of 2014: 5th Annual State of Endpoint Risk Report Recorded: Jan 8 2014 62 mins
    Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening?

    For 5 consecutive years, the annual State of the Endpoint Report, conducted by Ponemon Institute, has surveyed IT practitioners involved in securing endpoints. This year’s report reveals endpoint security risk is more difficult to minimize than ever before. What are IT pros most concerned about heading into 2014? From the proliferation of mobile devices, third party applications, and targeted attacks/APTs, endpoint security risk for 2014 is becoming more of a challenge to manage.

    Join Larry Ponemon of the Ponemon Institute and Ed Brice of Lumension for a webcast that will reveal statistics on growing insecurity, IT’s perceived areas of greatest risk for 2014 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn:

    •IT perspective on the changing threat landscape and today’s Top 5 risks;
    •Disconnect between perceived risk and corresponding strategies to combat those threats;
    •Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain
  • Windows XP is Coming to an End: How to Stay Secure Before You Migrate Recorded: Nov 13 2013 56 mins
    In April 2014, Microsoft ends support for Windows XP. In a perfect world, your organization will have developed a plan by the end of 2013 and will have migrated all XP systems before Microsoft stops providing security patches. Unfortunately, there are many obstacles to making this strategy a reality – time, resources, budget, etc.

    If your organization still uses WinXP – or other applications such as Office 2003 or Internet Explorer 6 for which support also ends – you need a plan B. Join this webinar to:

    •Learn what end of life means to your organization from a security perspective
    •What options are available to secure your organization from vulnerabilities
    •How other organizations are planning to remain secure and compliant until they are fully migrated

    Understand how you can protect your WinXP systems beyond end-of-support. With application whitelisting and advanced memory protection, you can effectively prevent security risks that are inevitable once your organization is no longer receiving Microsoft patches.
  • Application Whitelisting Best Practices: Lessons from the Field Recorded: Oct 9 2013 89 mins
    If you’re like most IT professionals, you’ve probably heard analyst firms like Gartner and Forrester recommend using application whitelisting to defend your endpoints. The latest generation of application whitelisting provides flexible protection against modern, sophisticated malware and targeted attacks. However, application whitelisting is not something you turn on overnight.

    Attend this in-depth technical webcast as we dive into the latest technologies, including reflective memory protection, and other whitelisting approaches, to learn best practices to begin preparing for your 2014 endpoint security strategy and the inevitable transition from traditional signature-based protection to a holistic solution that incorporates whitelisting.

    • Three Best Practice Steps: Prepare, Lockdown and Manage Change

    • Understand how to apply lessons learned during application whitelisting implementations by your peers

    • Gain knowledge of continuous improvements made in best practices for application whitelisting

    *Receive 1 CPE credit for attending this webcast. To earn this credit, viewers must be active participants for the duration of the webcast. Please enter your appropriate membership ID upon registration to ensure relevant credits are allocated to your accounts when we submit them.
  • 2014 Ultimate Buyers Guide to Endpoint Security Solutions Recorded: Oct 2 2013 59 mins
    Last year we offered our thoughts on buying Endpoint Security Management solutions — including patching, configuration, device control, and file integrity monitoring — which are increasingly bundled in suites to simplify management. For 2014, malware and mobility have become the most critical issues facing organizations at they look to protect their endpoint devices. Thus we've updated our research to make sure you have the latest and greatest information on which to base your buying decisions.

    Join Mike Rothman, Analyst & President from Securosis, as he dives into an interactive discussion around endpoint security in 2014, and provides clear buying criteria for those of you looking at these solutions in the near future.

    What you will learn:

    •Protecting Endpoints: How the attack surface had changed, and the impact to your defense strategy

    •Anti-Malware: The best ways to deal with today's malware and effectively protect your endpoints from attack

    •Endpoint Hygiene: Why you can't forget the importance of ensuring solid management of your endpoint devices

    •BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization

    •The Most Important Buying Considerations in 2014

    *Receive 1 CPE credit for attending this webcast. To earn this credit, viewers must be active participants for the duration of the webcast. Please enter your appropriate membership ID upon registration to ensure relevant credits are allocated to your accounts when we submit them.
  • BYOD & Mobile Security: How to Respond to the Security Risks Recorded: Jun 4 2013 62 mins
    Bring Your Own Device (BYOD) is a popular topic in 2013. The trouble is that IT is trying to understand the security risks and prepare strategies to either adopt employee-owned mobile devices or decide against it for security and data control reasons.

    The 160,000 member Information Security Community on LinkedIn conducted the survey “BYOD & Mobile Security 2013” to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. With 1,600 responses, some interesting insights and patterns into BYOD were uncovered.

    Participate in this interactive webcast to learn:

    •Current Mobile Security Threats
    •Top Trends & Drivers in BYOD & Mobile Security
    •Necessary Features to Minimize these Security Risks
    •Live, Interactive Q&A
  • 3 Executive Strategies to Prioritize Your IT Risk Recorded: May 8 2013 60 mins
    Do you want to know how ‘best-of-breed’ enterprises prioritize their IT risk? Join Richard Mason, Vice President & Chief Security Officer at Honeywell, whose team is responsible for global security, during a roundtable discussion with Pat Clawson, Chairman & CEO of Lumension and Roger Grimes, Security Columnist & Author. Uncover strategies beyond traditional antivirus signatures and learn a more holistic approach to effective risk management. Find out ‘how’ and ‘why’ you can make security a prioritized function within your organization.

    Join this expert panel webcast to learn how to:
    1)Understand your business audiences and evaluate their risk tolerance
    2)Leverage reputation management services that are appropriate for your organization
    3)Utilize realistic change management to secure prioritized data depositories
  • Understanding the Ins & Outs of Java Vulnerabilities and What to do About It Recorded: Mar 13 2013 61 mins
    Many organizations are jumping on the “Death to Java” bandwagon, ranting about turning off Java to eliminate risk. However, it is important to put the issue in the proper context. The reality is that a Java vulnerability is not the end game for a cyber criminal, it is merely a delivery mechanism in the quest to install and execute bigger malware.

    There is no “one size fits all” recommendation for eliminating Java risks. But, you do want to eliminate as much exploitable surface area as reasonably possible on your critical endpoints. This should be the philosophy engrained in every organization’s security culture. If you’re not having this conversation about Java - and quite frankly all of the third-party applications in your environment - you are missing the mark and not calculating your risk. Join Paul Henry and Russ Ernst as they bring us up to speed on the Java vulnerabilities and how to limit your exposure without going overboard.
  • Defending Your Corporate Endpoints: How to Go Beyond Anti-Virus Recorded: Jan 30 2013 1 min
    Businesses large and small continue to struggle with malware. As a result, 50% of endpoint operating costs are directly attributable to malware alone[1]. Traditional approaches to malware protection, like standalone antivirus, are proving themselves unfit for the task. Something has to give.

    In this roundtable discussion, independent information security expert Kevin Beaver and Lumension Security’s Chris Merritt will talk about what can be done differently, including:

    • How to get a better grasp of the weaknesses in endpoint security that continue to get overlooked,
    • Examining whether or not anti-virus as we’ve known it is effective, and
    • A comparison between a proactive versus reactive approach to fighting the malware fight.

    [1] Ponemon Institute, 2011 State of Endpoint Risk, December 2010
  • 2013 Data Protection Maturity Trends. How Do You Compare? Recorded: Jan 22 2013 61 mins
    In 2012 we found out that the BYOD environment and consumerization of the workplace had turned traditional notions of corporate IT upside down. The 2013 Data Protection Maturity Report will highlight how organizations have managed this trend over the last year and what steps are being taken in 2013 to further enhance data security. Find out how IT teams are developing a holistic model that encompasses policy, education, technology and enforcement.

    During this webcast we look at each of data protection trends, helping you define your organization’s best practice guide to address the top concerns. We will also be showing you how you can gauge the maturity of your security systems, allowing you to plug any holes before your valuable data starts to leak through them.
  • Greatest IT Security Risks of 2013: Annual State of the Endpoint Report Recorded: Dec 5 2012 59 mins
    What are IT pros most concerned about heading into 2013? The annual State of the Endpoint Report sponsored by Lumension and conducted by Ponemon Institute reveals APTs and mobile devices pose the biggest security threat to organizations in the coming year. Unfortunately, respondents also demonstrated a disconnect between their identified risk and planned security spend as well as a significant need for improved internal collaboration.

    Join Larry Ponemon of the Ponemon Institute and Paul Zimski of Lumension for a webcast that will reveal statistics on growing insecurity, IT’s perceived areas of greatest risk for 2013 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn:

    •IT perspective on today’s Top 3 risks;
    •Disconnect between perceived risk and corresponding strategies to combat those threats;
    •Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain
  • SENSATIONAL HEADLINES OR REAL THREATS? What New Attacks Mean For You? Recorded: Oct 22 2012 59 mins
    Well-organized, highly sophisticated cyber attacks continue to make headlines, hitting major U.S. banks and global companies like Adobe to name a few. In support of October as National Cyber Security Awareness Month, Lumension CEO Pat Clawson, Prolexic CEO Scott Hammack, security industry expert and author, Richard Stiennon and industry analyst and webcast moderator Eric Ogren will share their unique insight into these recent news-making attacks and what they mean for enterprises everywhere.

    In this webcast, you will learn:
    •The latest, seemingly extraordinary attacks;
    •How these attacks could escalate to the point where they matter to you and;
    •What you should be doing to secure against them.
  • Developing Best Practices to Device Control & Encryption: Technical Webcast Recorded: Aug 28 2012 74 mins
    The proliferation of USB flash drives and other removable storage devices has increased the porosity of the network perimeter. This has resulted in sensitive corporate and customer data leaking through the corporate firewall, exposing the organization to data loss, data theft and malware propagation. Understanding the powerful data protection tools available to your organization can help you mitigate these risks, while still enabling the flexible and managed use of these productivity devices.

    Join this webcast to learn the practical steps to guide you in the deployment of device control and encryption technology as we dive into a technical discussion of what the critical items to address, including:

    •Laying the Groundwork for Data Security
    •Preparing for Technical Enforcement
    •Enforcing Your Data Protection Policies
    •Managing Your Secure Environment
  • How to Guard Healthcare Information with Device Control and Data Encryption Recorded: Aug 7 2012 61 mins
    The need to protect digitized health information is a top priority in the healthcare industry. HIPAA and the HITECH Act put pressure on your organization to maintain the privacy and security of patient data, with the potential legal liability for non-compliance. So how does your healthcare organization meet or exceed industry best practices in guarding healthcare information?

    Join this webcast as Eric Ogren, President of The Ogren Group, and Chris Merritt, Solution Marketing Director at Lumension come together to take you through:

    • What PHI breaches are currently documented by the US Department of Health and Human Resources (HHS) and why these breaches are occurring
    • How a healthcare organization can mitigate costs with encryption technologies
    • What to look for in device control and full disc encryption solutions
  • Welcome to the Age of Weaponized Malware. What Does it Mean to Your Enterprise? Recorded: Jun 26 2012 61 mins
    The U.S. has not denied their role in the use of weaponized malware and already, other countries are jumping on board. India recently announced they are empowering government agencies to carry out similar such actions.

    State sponsored malware attacks are officially out of the shadows and mainstream for organizations and end users alike. In fact, Google recently announced an alert service for gmail users for “state sponsored attacks”. How exactly did we get to this point and what are the factors and threats that you need to be aware of?

    Join this complimentary webcast during this roundtable discussion by IT security industry experts as they answer the following questions:
    *How did we get to this point?
    *Why should the enterprise care?
    *What should the enterprise do?

    Walk away from this webcast with the knowledge and approach to help defend your enterprise against weaponized malware.
  • How Mature is Your Data Protection? 3 Steps to Effective Data Security. Recorded: May 22 2012 64 mins
    Make no mistake, consumerization of the workplace is one genie that is not about to go back into the bottle.

    With the BYOD movement overwhelming IT, and the convergence between personal devices and the corporate networks set to increase, the ability to restrict-and-ban the network is doomed to failure. Worse, they may be counterproductive to the business. Instead, IT teams must look at security in a different way, developing a holistic model that encompasses policy, education, technology and enforcement.

    During this webcast we look at each of these aspects, helping you define your organization’s best practice guide. We will also be showing you how you can gauge the maturity of your security systems, allowing you to plug any holes before your valuable data starts to leak through them.
  • E is for Endpoint II: How to Implement the Vital Layers on Your Endpoints Recorded: May 9 2012 60 mins
    IT security professionals rank third-party application vulnerabilities as the greatest security risk of 2012. And yet malware continues to exploit these – and other – vulnerabilities to breach our defenses. Clearly there’s a disconnect between knowing the problem and solving it. Yet it does not have to be this way, if we intelligently apply adequate protections against the exploitation of these vulnerabilities.

    Join this webcast, led by expert IT security panelists, to learn:

    •What are the vital layers of your endpoint defense.
    •How to thwart exploitation of your endpoint OS, configuration and 3rd-party application vulnerabilities.
    •How to prevent unknown applications from executing on your systems.
  • Developing Best Practices to Patch Management: An In-Depth Technical Webcast Recorded: Apr 25 2012 91 mins
    In today’s complex networking environment using patch and vulnerability management as the principal component of your risk mitigation strategy, and taking prudent measures to establish a best practices approach, can help reduce costs and risks in the long term.

    Patch and vulnerability management continues to be the first and last line of defense against existing and newest exploits. With the sophistication and sheer volume of exploits targeting major applications and operating systems, the speed of assessment and deployment of security patches across your complex IT infrastructure is key to mitigating risks and remediating vulnerabilities. Join this webcast to learn the recommended steps to cure your patch management headache as we dive into a technical discussion of what the critical items to address:

    •To Lay the Ground Work for Patch and Remediation
    •A Week before Patch Tuesday
    •On Patch Tuesday
    •After Patch Tuesday
  • E is for Endpoint: 6 Security Strategies for Highly Effective IT Pros Recorded: Feb 22 2012 59 mins
    We all like the idea of a silver bullet—a single, simple solution to a complex problem. But there’s no silver bullet when it comes to information security. Though some IT professionals have clung to the vain hope that antivirus (AV) alone would do the trick, others have come around to the need for a layered, defense-in-depth approach to endpoint security. But today’s endpoints demand even more. Endpoint security now requires a new way of thinking that goes beyond just battling threats to actually enabling operational improvement.

    Join this webcast, led by expert IT security panelists as you learn:
    •The most common attack vectors in today’s IT environment
    •Six steps to help you think different about endpoint security
    •Secrets to an effective defense-in-depth approach
Tips to Endpoint Management, Security and Compliance Challenges
This channel provides live and on-demand webcasts on a range of Endpoint Management and Security topics, including: identifying the latest trends and best practices for minimizing insider risks, reducing your threat exposure, managing Web 2.0 threats, reducing your cost of compliance and taking control of your endpoints, from both an operational and security perspective.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Six Keys to Healthcare IT Security and Compliance
  • Live at: Mar 10 2010 4:00 pm
  • Presented by: Michael Rasmussen, Corporate Integrity; Chris Merritt, Lumension
  • From:
Your email has been sent.
or close
You must be logged in to email this