This book includes a plain text version that is designed for high accessibility. To use this version please follow this link.
Security


on a keyboard and computer to unlock and use the drive. That makes it platform independent. The operating system used by the medical device didn’t matter. The software didn’t need to be rewritten to access the encrypted drive, and the medical devices could see the drives. Finding a fl ash drive that worked with the medical devices was only a partial victory. The V.A., like many federal agen- cies and major corporations, does not allow the use of thumb drives for data security reasons. LOK-IT’s FIPS 140-2 Level 3 rating was critical to the cardiac clinic getting permission to use the drive. The rating was developed by the federal government, and the 140 series refers to computer security standards that specify require- ments for cryptography modules. The U.S. National Institute of Standards and Technology sets the criteria; a Level 3 valida- tion requires that a component is tamper resistant, encrypts data and allows identity-based authentication. LOK-IT has an internal epoxy potting that prevents unau- thorized access to the internal components. If someone tries to remove the epoxy potting, it causes irreversible damage to the components and renders it unusable. To encrypt data, LOK-IT drives use on-the-fl y, full-disk, 256-Bit AES hardware encryption. All data stored on the drive is automatically en- crypted by LOK-IT’s encryption controller. And it’s onboard PIN pad allows for a seven- to 15-digit pass code. It took months, but in the end the V.A. information tech- nology department gave the cardiac clinic permission to use


Cryptzone predicts security trends


Cryptzone, IT threat mitigation experts, compiled this list of key security trend predictions: Targeted attacks


In 2011, we saw a number of examples of targeted attacks, such as Anonymous targeting Sony and the AT&T Terrorist attack. Attacks against well-known brands will become more common, as unsuspecting recipients receive malicious emails containing hostile code. Therefore, companies need to start thinking about zero-day threats and how to secure their data. Bring your own device (BYOD) Organizations will continue to adapt their enterprise mobility strategy. With more users bringing their own devices to work and expecting to use them to gain productivity and effi ciency benefi ts in the workplace, IT departments will have to manage device diversity. Therefore, every user who requests access to corporate resources through a mobile device should sign up to a corporate policy before access is granted. This will avoid some nasty surprises and employee grievances. Intranets on the iPad During 2012 and 2013, more and more organizations will offer end users the opportunity to interact with


14 February 2012


the fl ash drive. IT authorized access to the locked USB ports on the clinic’s desktop computers so that clinic staff could upload the data from LOK-IT.


Implementing the drive was simple. Basically, it’s a plug- and-play device, so there’s little training to be done. There were “no glitches … no hesitation,” Selzman says. The clinic found an added benefi t for patients who have home monitoring devices that transmit their cardiac reports using a landline. The reports are uploaded by the patient at home to the medical device companies’ websites. There are various devices, so there are several different sites where the patient reports end up. LOK-IT helps those patients who don’t have a landline by allowing the data from the medical device at home to be transferred to the hospital’s electronic medical records.


The clinic uses other medical devices besides St. Jude’s product, including Medtronic devices. Selzman says the LOK-IT drives they purchased also work with the Medtronic devices. For the clinic’s two physicians, two nurses and administra-


tor, LOK-IT has made fi ling patients’ medical records much easier. What once took hours can now be done at the end of a clinic day in 30 minutes. The stacks of paper are gone. “It’s easier to fi nd patient data,” Selzman says. Instead of looking through piles of paper, doctors now can search electronically. And the cardiac clinic has moved closer to the V.A.’s goal of going paperless.


HMT


Intranet sites or collaboration tools, such as SharePoint, on their private or corporate iPad. This will provide productivity gains for organizations and faster response times as users respond to corporate documents on a more convenient device, both at the offi ce and while travelling. Organizations will have to consider the security implications this poses.


Content security verses hardware security Increasingly, organizations will look into approaches


where the security focus is around actual content rather than the storage device. Instead of looking at storage security, CIOs will identify content at risk and secure the content, so when it is replicated security stays/travels with the content to all its ultimate destinations.


Shortened product development lifecycles Customers will increasingly expect vendors to adapt


software even more quickly in response to evolving working practices and emerging IT security threats. Those vendors best able to demonstrate technical and business agility to “tweak” their offerings for immediate threat protection will gain a clear competitive advantage. Technology has to be kept as simple as possible for users to adopt as second nature, without signifi cantly impacting their productivity.


HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44