Secure Cloud Hosting for Healthcare Organizations

Size: px

Start display at page:

Download "Secure Cloud Hosting for Healthcare Organizations"

Prosper Aron Poole
8 years ago
Views:

1 Secure Cloud Hosting for Healthcare Organizations

2 OUR MISSION FIREHOST MISSION Our core is an unshakable, no compromise commitment to protect our customer's digital assets with integrity and innovation by utilizing our expert experience in security, compliance, performance, and service.

assets with integrity and innovation by utilizing our

FIREHOST PILLARS Security Fully managed security protecting you from real threats Compliance Exceeding compliance requirements to reduce your risk Performance Benchmarked

3 FIREHOST PILLARS Security Fully managed security protecting you from real threats Compliance Exceeding compliance requirements to reduce your risk Performance Benchmarked performance - there's no competition Service Flexibility and control at your fingertips - backed by experts Noted in Gartner s 2012 Magic Quadrants for MANAGED HOSTING PUBLIC CLOUD &

performance - there's no competition Service Flexibility and control at your fingertips

4 GEOGRAPHIC DIVERSITY US, EU, and APAC Data Centers Full High-Availability Cloud Architecture Data Center Locations CDN Points of Presence DNS Points of Presence Secure MPLS Network

5 HIPAA INCIDENTS HIPAA Incidents Utah Department of Health: 780,000 affected individuals. Breach discovered more than 30 days later of server hack. 1 year Free Credit Monitoring and insurance (estimates of up to $234 million on just the monitoring portion alone) Sutter Medical Foundation: 943,000 individuals effected. 11 Lawsuits totaling between $944 million to $4.25 billion. Tricare Management: 4,901,432 individuals effected. $4.9 billion sought in class action lawsuit. (even with exhausted insurance from SAIC, best case scenario is Tricare is out a $10 million deductible)

1 year Free Credit Monitoring and insurance (estimates of up to $234 million on just the monitoring portion alone) Sutter Medical Foundation:

6 HIPAA INCIDENTS But there s more June 13, Stanford Reports 5 th big HIPAA Breach (additional 13,000 records). January 9, Stanford has breach (57,000 records) after an unencrypted company laptop containing patient medical information was stolen from physician s car July 2013 Stanford University Medical Center loses 2,500 patient records of a HIPAA breach after unencrypted desktop stolen Notified 20,000 patients that their protected information was wrongly posted on a student website (resulted in a $20 million lawsuit)

stolen from physician s car July 2013 Stanford University Medical Center loses 2,500 patient records of a HIPAA breach after

7 HIPAA PENALTIES Fines are trickling down and will continue to get worse! September 23 rd 2013, HIPAA Omnibus went into effect Increased Civil Penalty structure required under the HITECH Act (Penalties as high as $1.5 million per violation now) BAA (Business Associate Agreements) mandatory Smaller employers are finding themselves on the receiving end of HIPAA audits. Now is a good time to review all your information technology and HIPAA compliance programs to make sure all required safeguards are in place. Computer Networks: The HHS s Federal Office for Civil Rights (OCR) has stepped up HIPAA audits including covered entities. Significant monetary fines have been levied up to millions of dollars for what appeared to be small issue

5 million per violation now) BAA (Business Associate Agreements) mandatory Smaller employers are finding themselves on the receiving end of HIPAA audits.

8 A Layered Explanation THE HEALTHDATA REPOSITORY Move your healthcare data to a secure HealthData Repository A FireHost HealthData Repository can provide a safe haven for regulated healthcare data. Leverage the HITRUST certified private cloud infrastructure to decouple health records from existing IT environments.

safe haven for regulated healthcare data.

9 A Layered Explanation THE HEALTHDATA REPOSITORY Current Situation HIPAA-regulated data sits in a monolithic IT environment High risk and broad scope for compliance Burdened by slow audit times and high costs Vulnerable to threats

environment High risk and broad scope for compliance

10 A Layered Explanation THE HEALTHDATA REPOSITORY Why a Secure HealthData Repository? Reduce the scope of compliance for faster, more cost effective audits Increase the security of sensitive data

11 A Layered Explanation THE HEALTHDATA REPOSITORY Reduce Risk Decouple regulated data from local Infrastructure Access to sensitive data restricted and secured HITRUST-certified and BAA friendly

12 A Layered Explanation THE HEALTHDATA REPOSITORY Security Multiple layers of fully managed security Web application firewalls Unlimited firewall zones IP reputation management DDoS mitigation SSLVPN/L2LVPN secure access Physically isolated secure SAN

firewalls Unlimited firewall zones IP reputation management

13 A Layered Explanation THE HEALTHDATA REPOSITORY Compliance HITRUST-certified infrastructure to address HIPAA compliance Reduced scope for compliance Faster audit times and lower costs Less procedural documentation and policies

HIPAA compliance Reduced scope for compliance Faster

14 A Layered Explanation THE HEALTHDATA REPOSITORY Performance Deploy quickly Multiple points of presence for global redundancy Ranked #1 in 3 rd party performance benchmarks Infrastructure close to application for low latency

for global redundancy Ranked #1 in 3 rd party

15 A Layered Explanation THE HEALTHDATA REPOSITORY Service 24x7x365 certified engineer support Fully managed security hardware and software Seasoned compliance experts on staff

16 The Whole Story A Layered Explanation THE HEALTHDATA REPOSITORY

17 INTELLIGENT SECURITY MODEL

18 Stand Out in the Cloud FIREHOST PERFORMANCE Unmatched Benchmarked Performance We put performance to the test AND WON It's Easier to Win Races when Every Component is Built for Speed and Availability Ranked #1 in server performance, memory speed, processor speed, and storage speed

Races when Every Component is Built for Speed and Availability Ranked

19 Stand Out in the Cloud FOR PARTNERS For Complete Compliance, it s a Shared Responsibility (but we have you covered)

20 Stand Out in the Cloud CREDENTIALS Security and Compliance Validation Auditor and security assessment friendly infrastructure PCI DSS 2.0 Compliant FireHost has been validated as a Level 1 Service Provider under PCI DSS v2.0 for our services. Our validation includes specific PCI DSS controls on which customers can rely. SSAE 16 SOC 1 / SOC 2 FireHost has received SOC 1 Type 2, SOC 2 Type 2, SOC 3 and ISAE 3402 reports. These reports demonstrate the viability of FireHost s control program over time. HIPAA/HITRUST FireHost has been certified against the Common Security Framework (CSF) from the Health Information Trust Alliance (HITRUST) and has been certified for HIPAA compliance. ISO FireHost has received a certificate of approval for our control program against the ISO/IEC 27001:2005 standard for Information Security Management Systems. Validated by multiple third parties

SSAE 16 SOC 1 / SOC 2 FireHost has received SOC 1 Type 2, SOC 2 Type 2, SOC 3 and ISAE 3402 reports. These reports demonstrate the viability of FireHost s control program over time.

21 A Layered Explanation THE HEALTHDATA REPOSITORY Thank You Jim Cuddy VAR Partner Manager (US) x8160 (Cell)

Locking Down the Cloud for Healthcare. Kurt Hagerman Chief Information Security Officer

Locking Down the Cloud for Healthcare Kurt Hagerman Chief Information Security Officer SECURITY TRENDS Healthcare businesses are fighting REAL threats Threats are growing over time by percent of breaches