Published by Eric Rodgers. Modified over 6 years ago.
2
Strong Authentication and Single Sign-On (SSO) for Health Care
McKesson 9/20/2018 3:34 PM
Kevin Peterson
Sr. Security Engineer
Product Development
World’s largest health care extranet
Foundation of security solutions portfolio
900+ hospitals
450+ data lines
4000+ SecurID tokens deployed
Only two-factor authentication supported for McKesson’s customers using extranet services
Copyright (C) McKesson Corporation. All Rights Reserved. Proprietary and Confidential.
3
Strong Authentication
What is strong authentication?
Why is strong authentication needed?
Non-repudiation (identify the user)
Meaningful audit logs
Passwords are extremely easy to hack, crack, steal, guess, reveal, learn, social engineer, etc.
What you have, what you know, who you are (2 of three)
EPHI Impact
4
Password Risk 1: Written Down
Notepads
Sticky notes
Wallet cards
Password replay/caching software
PDAs
Documents
P2P Software
Malware – HIPAA requirement, hard to control outside the hospital, can easily steal/reveal passwords.
The ever-increasing number of passwords forces us to synchronize, write down, etc.
5
Password Risk 2: Key Logging
Captured logon to a security gateway and then a physician’s portal.
<! , 16:49. User: “Bob". Window title:"MSNBC Cover - Microsoft Internet Explorer"-->
portal.hospital.org [Backspace][Backspace][Backspace][Backspace]drsmithpassword bobsmithmysecret
Hardware & Software – functionality
Search on Google.com for “keylogger” returns approximately 466,000 hits
Search on Download.com for “keylogger” returns approximately 41 programs for easy download
Take a poll: How many have heard of key loggers? How many believe they are a real threat?
6
Password Risk 3: Easily Guessed or Cracked
Dictionary Attacks
Brute Force Attacks
Shared passwords
Similar to other passwords
Stored in weak databases
Wireless LAN transmissions
Unix - Shadow passwords
NT – SAM database on disk
7
Single Sign-On
8
Health Care Challenges Driving Single Sign-On (SSO)
Clinical workers need to be more efficient
Clinical applications are being driven onto the Internet and mobile devices
I.T. is a cost center, and costs must be lowered!
Too many passwords, too little time
HIPAA!
PIGs and COWs
9
SSO Beliefs
Can reduce help desk calls
Can decrease the burden on users
Immature technology limits its use
10
SSO “Hidden Secrets”
Ideally, users should never know any of their passwords!
Can bring down all clinical applications!
Must be available at all times!
Access for remote users
Access for synchronized offline data
Biometric devices are not the only answer
Must be capable of providing strong authentication outside the hospital
11
Key Business Planning Steps for Successful SSO
Evaluate the stability of the SSO vendor
Ensure that the solution is being driven toward HIPAA
Separate the wants from the needs
Ensure that all of the maintenance and support processes are appropriately addressed
Ensure a total commitment to the solution
Obtain complete funding through both qualitative and quantitative measures – Make the Business Case!
I – C - A
12
Key Technical Planning Steps for Successful SSO
SSO software selection
Availability
Disaster Recovery
Remote Access
Mobile Access
Desktop Access
Thin Client Access
Lab Environment
Applications
Scripting
Training
User Enrollment
Authentication Devices
13
Questions?