Systems Administrator. July 2014 Sharon Welna, Information Security Officer





University of Nebraska Medical Center: Today's Presentation
Live Stream: rtsp://hog.unmc.edu:554/broadcast/itslive.mp4
If you are having problems accessing a good quality live video stream, contact the UNMC Video Operations Center at 402-559-8090. Questions during the session can be emailed to kstrohbe@unmc.edu

University of Nebraska Medical Center: Agenda (Topic / Presenter)
- Information Security Metrics and Projects / Sharon Welna
- Microsoft Cloud Solutions / Harry Wines
- Enterprise backup architecture / Harry Wines
- Student Mobile App / Kim Strohbehn

University of Nebraska Medical Center: Information Security Metrics/Projects
Reported to:
- Joint Privacy/Security Work Group
- UNMC Compliance Committee
- TNMC/BMC Compliance Committee
- UNMC P Compliance Committee

Nebraska Medical Center Campus Affiliated Covered Entity

                             Jan-Jun 2012  Jul-Dec 2012  Jan-Jun 2013  Jul-Dec 2013  Jan-Jun 2014
High Risk                         0             0             1             2             4
Recording Industry Notices        0             5           169           155           142

High Risk incidents, Jan-Jun 2014:
- Feb 2014: Cryptolocker variant
- May 2014: 2 occurrences, Cryptolocker variant
- June 2014: Cryptolocker variant
Recording Industry notices: most notices were false positives; 26 valid notifications were received.

Definitions:
High Risk: significant incidents which could impact the security and availability of information system resources, and significant incidents which involve law enforcement.
Recording Industry Notices: notifications from the Recording Industry of potential copyright violations.

Nebraska Medical Center Campus Affiliated Covered Entity

                             Jan-Jun 2012  Jul-Dec 2012  Jan-Jun 2013  Jul-Dec 2013  Jan-Jun 2014
Incidents Investigated           46            26            41            38            60
Issues Reported                 116           110           336           356           329

Definitions:
Security Incident: lost/stolen devices, inappropriate use investigations, information security officer investigations in support of HR, response to subpoena, etc.
Security Issues: devices blocked from the network, resetting passwords, web filtering issues, etc.

Nebraska Medical Center Campus Affiliated Covered Entity

                             Jan-Jun 2012  Jul-Dec 2012  Jan-Jun 2013  Jul-Dec 2013  Jan-Jun 2014
Virus/Malware Reported          482           388           685           171           145
Email SPAM Reported              24            17            91           296           132
Total                           668           598         1,153           918           666

Definitions:
Virus/Malware: machines which are infected with code, scripts, active content, or other software designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, or engage in other abusive behavior.
Email Spam: unsolicited or undesired email messages.

NCHICA (North Carolina Healthcare Information & Communications Alliance, Inc.)
NCHICA is a nonprofit consortium of over 300 organizations representing the many sectors of the healthcare industry. The 2014 AMC Conference on Security and Privacy included academic medical centers (AMCs), teaching hospitals and other large health enterprises, and focused on Managing the Integrated Information Environment.

University of Nebraska Medical Center

2013 Highlights: Continued focus on Security Rule compliance
1. Affinity Health Plan -- over $1.2 million: ePHI left on photocopier drives
2. Wellpoint -- $1.7 million: faulty testing of programming updates left information accessible on a web portal
3. Idaho State University -- $400,000: a disabled firewall exposed ePHI to breach
4. Adult & Pediatric Dermatology -- $150,000: stolen unencrypted thumb drive; lacked a risk analysis and policies/procedures for breach notification

Information Security Projects: Photocopiers
1. Deloitte audited TNMC/BMC/UNMC P and found that security controls had not been implemented
2. Lisa Bazis audited UNMC copiers and found that security controls had not been implemented
Larry Walker is leading a group to implement controls.

Information Security Projects: Information available via web portal
1. Phase 1 -- UNMC is currently implementing a data loss prevention (DLP) module evaluating data going across the Internet
2. Phase 2 -- UNMC is evaluating implementing a DLP module to find PII data on servers in the DMZ
3. Phase 3 -- Evaluate a product to identify PII on workstations that are not encrypted

Firewall/DMZ Audit
1. All firewall rules are audited in July
2. Will be requesting a Compliance Checklist
3. Will be validating that current contracts are in place

Information Security Projects: Unencrypted thumb drives
1. UNMC has implemented Microsoft One Drive for faculty, staff, and students to reduce the need to use thumb drives

Information Security Projects: Risk Analysis
1. The Information Security Office performs the risk analysis
2. The document has been reviewed by Deloitte, Fishnet, and OCR and has been accepted
3. Developing a plan to rebaseline in 2015

Information Security Projects: Credit Card Compliance
1. New guidelines issued Oct 2013, effective Jan 1 2015
2. However, the new guidelines issued additional details on how to comply with PCI 2.0 (currently in effect)
3. Statement indicating compliance status completed July 1, 2014

New Resident Orientation
- One Drive
- Lync

University of Nebraska Medical Center: Enterprise Backup

Microsoft Cloud Solutions
- Lync (Instant Messaging)
- SharePoint (Team Sites)
Microsoft Cloud Solution - Office 365
- Email (Exchange)
- Office 365 Subscription
- One Drive for Business (Simple File Sharing)

University of Nebraska Medical Center: Cloud Deployment Status
Lync (Instant Messaging) -- Deployed
- Everyone has access; no request process
- One-time setup
- App available for mobile devices
- Lync now working with TNMC
SharePoint -- 4 Pilots (Facilities; Library; CON; Public Relations)
- Complex product; many options
- Difficult to incorporate SharePoint administration into already busy workloads

University of Nebraska Medical Center: Cloud Deployment Status
Azure, Yammer/365 Email -- ITS Testing
- Calendaring issues: UNMC premise and UNMC cloud; Hospital and UNMC
- Access to Shared / Generic Accounts

University of Nebraska Medical Center: One Drive for Business / Office 365
One Drive for Business -- Currently Available
- Available for faculty, staff, students
- Your H: drive in the cloud
- Simple file sharing
- Requires only an Internet connection and a web browser
- Eliminates the need for thumb drives
Office 365 (subscription service)
- UNMC is not currently licensed for Office 365
- Purchasing a few licenses for testing
- Billing/tracking/renewal processes need to be worked out
- BUT One Drive for Business can be used via a web browser

University of Nebraska Medical Center: Student Mobile App
Campus Communication: Week of July 21