Security News

Compliance Testing Remedies HIT Infrastructure Vulnerabilities

HIT infrastructure vulnerabilities can be fixed and avoided by implementing a compliance testing service to make sure security gaps are closed.

HIT infrastructure vulnerabilities

Source: Thinkstock

By Elizabeth O'Dowd

- Organizations expanding their IT environment are tasked with choosing tools that are in compliance with HIPAA and can be used securely and efficiently in a healthcare environment. HIT infrastructure vulnerabilities threaten patient data and entities need to consider compliance testing to make sure tools are functioning the way they should and in compliance.  

Clearwater Compliance announced that it will now be providing technical testing services to help entities improve their IT infrastructure in a way that meets HIPAA Security Rule technical evaluation requirements and improves overall efficiency.

The offering is based on the guidance from the Office for Civil Rights (OCR) and the National Institute for Standards and Technology (NIST). The service will conduct vulnerability scans, penetration tests, social engineering testing, and web application testing.

These tests will allow organizations to identify existing IT infrastructure vulnerabilities so weakness can be remedied before they cause problems. The evaluations organizations can conduct include:

  • Internal and External Vulnerability Assessment and Penetration Testing
  • Internal and External Vulnerability Assessment
  • Wireless LAN Security Validation
  • Web Application Testing
  • Network Architecture Assessment
  • Security Awareness Assessment

“Every day, healthcare organizations are seeing more and more attempts at hacking into their systems,” Clearwater Compliance CEO Bob Chaput said in a statement. “One of our large, national healthcare customers recently told us that in the course of 24 hours, they had blocked more than 36 million unauthorized network access attempts, and it only takes one successful attempt to cause havoc.”

“Technical Testing Services is a natural addition to our portfolio of SaaS-based software and professional services and adds an important product in our growing suite of cybersecurity services.”

The service is supported by the American Hospital Association (AHA).

The volume of cybersecurity threats healthcare organizations deal with on a regular basis makes it vital to test for vulnerabilities. Entities must also look into security solution options that take a more sophisticated approach to network security.

These new security solutions also need to be tested to make sure they are in compliance and interoperable with other IT infrastructure tools.

Threat intelligence is an example of a more sophisticated security tool that can help organizations be more proactive in their network security.

Threat intelligence is evidence-based knowledge that gives organizations insight into emerging and potential threats. This allows them to make informed decisions about how to protect their network from current and possible future threats.

The Ponemon Institute released a report in late 2017 indicating that organizations understand that threat intelligence is critical to modern cybersecurity deployments. Even so, many entities still struggle to leverage the technology because they lack the staff experience needed to handle the amount of data produced and collected.

“It’s abundantly clear that organizations now understand the benefits provided by threat intelligence, but the overwhelming volume of threat data continues to pose a hurdle to truly effective adoption,” Ponemon Institute Chairman and Founder Dr. Larry Ponemon said in a statement.

“Threat intelligence programs are often challenging to implement, but when done right, they are a critical element in an organization’s security program,” he continued. “The significant growth in adoption over the past year is encouraging as it indicates widespread recognition of the value threat intelligence provides.”

Threat intelligence also counts on the support of the community and information sharing among organizations. Information sharing lets entities be more successful in identifying threats that can potentially harm the network.

As organizations embark on their digital transformation, it becomes increasingly important to view the IT infrastructure as a whole, rather than separate solutions working side-by-side.

Assessing IT environments to make sure that tools are interoperable and covering all the gaps is a key step to protecting patient data. Implementing more advanced tools and taking to time to mesh them with the network is also key to a secure and successful health IT infrastructure.