Healthcare Information Security
Instructions
You are the recently hired CISO for ACME Health System. One of the organization's strategic missions is to increase provider access to patient information to improve patient care. One initiative being promoted is the adoption of mobile technologies. However, as you’re surveying the security posture of the organization, you realize that the company is weak in the area of basic technical protection mechanisms against security threats. You must first build a strategy to fix these gaps with new tools.
Part 1 – Fixing Existing Issues
What are some technologies that you might recommend to fill basic gaps in protection for ACME in the following areas? Locate two tools or products for each area listed below.
- Personal Firewall (for laptops of employees)
- Endpoint security (also known as endpoint protection)
- Data Loss Prevention
- Vulnerability Management Tools
- Security Audit Log Monitoring
It is important to clearly cite the source of information and the names of the vendors or providers of the firewall products. Note that even if a firewall function is combined into a larger, more comprehensive security suite, you can still use it as an alternative.
Describe your strategy, and why you’ve chosen these specific tools.
Part 2 – Planning for Mobile Device Deployment
Now that you’ve developed a plan for fixing the existing security issues, you need to address the mobile technology initiative. You know that it is best practice to employ a Mobile Device Management (MDM) solution, but you also need to make sure whatever tool you purchase is able to do the job you require. First, you need to analyze common security and privacy threats of mobile health technologies in terms of software (e.g., apps, programs, mobile-friendly patient portals) and hardware (e.g., personal/remote devices, on-site devices, smart devices). You are convening a meeting with your security team to highlight some of the main security and privacy issues, and you want to provide them with a one-page tip sheet covering the following information:
- Summarize the mobile device vulnerabilities presented by the Government Accountability Office (GAO) Congressional Report.
- For each vulnerability/threat, briefly summarize a policy, procedure, technical requirement, or software solution that can eliminate or mitigate these vulnerabilities.
- Locate three (3) reputable and high-quality resources that you can provide your staff to help them gain more knowledge on mobile device privacy and security issues. Briefly explain why you selected these resources.
Format
For Part 2, a table has been provided to help you organize the comparisons. Download the Lesson 9 Comparison template.