Strong Authentication and Single Sign-On (SSO) for Health Care

Presentation transcript:

Strong Authentication and Single Sign-On (SSO) for Health Care
McKesson 9/20/2018 3:34 PM
Kevin Peterson, Sr. Security Engineer, Product Development
- World’s largest health care extranet
- Foundation of security solutions portfolio
- 900+ hospitals
- 450+ data lines
- 4000+ SecurID tokens deployed
- Only two-factor authentication supported for McKesson’s customers using extranet services

Copyright (C) 2002 McKesson Corporation. All Rights Reserved. Proprietary and Confidential.

Strong Authentication
- What is strong authentication?
- Why is strong authentication needed?
- Non-repudiation (identify the user)
- Meaningful audit logs
- Passwords are extremely easy to hack, crack, steal, guess, reveal, learn, social engineer, etc.
- What you have, what you know, who you are (2 of three)
- EPHI Impact
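An added example (not part of the original presentation) of the "2 of three" rule above: a login counts as strong only when verified evidence spans two different factor categories, so a password plus a security question does not qualify. The method names, the `Evidence` type and the `evaluate_login` function are hypothetical, and the sample logins are constructed.

```python
from dataclasses import dataclass

# The slide's three categories: what you know, what you have, who you are.
# Method names are hypothetical labels for this example.
FACTOR_CATEGORY = {
    "password": "know",
    "pin": "know",
    "security_question": "know",
    "hardware_token": "have",
    "smart_card": "have",
    "fingerprint": "are",
}


@dataclass(frozen=True)
class Evidence:
    method: str     # a key of FACTOR_CATEGORY
    verified: bool  # outcome of that method's own check, assumed done elsewhere


def evaluate_login(user_id, evidence, shared_account=False):
    """Build an audit record saying whether a login met the 2-of-3 rule."""
    ignored = sorted({e.method for e in evidence
                      if e.method not in FACTOR_CATEGORY})
    # Only verified evidence counts, and each category counts once.
    categories = sorted({FACTOR_CATEGORY[e.method] for e in evidence
                         if e.verified and e.method in FACTOR_CATEGORY})
    strong = len(categories) >= 2
    return {
        "user": user_id,
        "categories": categories,
        "strong": strong,
        # Assumption: a shared account cannot identify one person, so its
        # log entries do not support non-repudiation even with two factors.
        "attributable": strong and not shared_account,
        "ignored_methods": ignored,
    }


if __name__ == "__main__":
    # Constructed sample logins.
    weak = [Evidence("password", True), Evidence("security_question", True)]
    good = [Evidence("password", True), Evidence("hardware_token", True)]
    print(evaluate_login("drsmith", weak))
    print(evaluate_login("drsmith", good))
```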

Password Risk 1: Written Down
- Notepads
- Sticky notes
- Wallet cards
- Password replay/caching software
- E-mail
- PDAs
- Documents
- P2P Software
- Malware – HIPAA requirement, hard to control outside the hospital, can easily steal/reveal passwords.
- The ever-increasing number of passwords forces us to synchronize, write down, etc…

Password Risk 2: Key Logging
Captured logon to a security gateway and then a physician’s portal:

    <!--08.05.2003, 16:49. User: “Bob". Window title:"MSNBC Cover - Microsoft Internet Explorer"--> portal.hospital.org [Backspace][Backspace][Backspace][Backspace]drsmithpassword bobsmithmysecret

- Hardware & Software – email functionality
- Search on Google.com for “keylogger” returns approximately 466,000 hits
- Search on Download.com for “keylogger” returns approximately 41 programs for easy download
- Take a poll: How many have heard of key loggers? How many believe they are a real threat?

Password Risk 3: Easily Guessed or Cracked
- Dictionary Attacks
- Brute Force Attacks
- Shared passwords
- Similar to other passwords
- Stored in weak databases
- Wireless LAN transmissions
- Unix - Shadow passwords
- NT – SAM database on disk

Single Sign-On

Health Care Challenges Driving Single Sign-On (SSO)
- Clinical workers need to be more efficient
- Clinical applications are being driven onto the Internet and mobile devices
- I.T. is a cost center, and costs must be lowered!
- Too many passwords, too little time
- HIPAA!
- PIGs and COWs

SSO Beliefs
- Can reduce help desk calls
- Can decrease the burden on users
- Immature technology limits its use

SSO “Hidden Secrets”
- Ideally, users should never know any of their passwords!
- Can bring down all clinical applications!
- Must be available at all times!
- Access for remote users
- Access for synchronized offline data
- Biometric devices are not the only answer
- Must be capable of providing strong authentication outside the hospital

Key Business Planning Steps for Successful SSO
- Evaluate the stability of the SSO vendor
- Ensure that the solution is being driven toward HIPAA
- Separate the wants from the needs
- Ensure that all of the maintenance and support processes are appropriately addressed
- Ensure a total commitment to the solution
- Obtain complete funding through both qualitative and quantitative measures – Make the Business Case!
- I – C - A

Key Technical Planning Steps for Successful SSO
- SSO software selection
- Availability
- Disaster Recovery
- Remote Access
- Mobile Access
- Desktop Access
- Thin Client Access
- Lab Environment
- Applications
- Scripting
- Training
- User Enrollment
- Authentication Devices

Questions?