Creating Effective Security Strategies for eHEALTH Systems

Software vulnerabilities in commercial and custom applications are increasingly being targeted by cyber criminals. Gartner, for example, recently estimated that two-thirds of customer-facing web servers have exploitable vulnerabilities. As such, protecting critical eHealth and enterprise systems from attacks that can disrupt operations and threaten regulatory compliance is both urgent and important for IT security professionals.

This session led by Brad Nelson and Blake Sutherland teaches users about the new threat, what systems are vulnerable, and why host-based intrusion prevention offers a powerful antidote to these attacks. You will also learn about an important industry initiative (eHVRP) that is establishing approaches and procedures to help ensure eHealth systems are broadly and rapidly deployed with the highest levels of privacy and security.

The eHealth Vulnerability Reporting Program (eHVRP), is an industry initiative that has been formed to ensure customers of eHealth systems have the necessary information to appropriately manage risk related to eHealth systems. The program hopes to do this by establishing a mechanism for eHealth system vendors and their customers to access and report system vulnerabilities in a mutually acceptable, beneficial and confidential manner. The initial focus of this program is on EHR systems. As part of this program, Demonstration Projects are being used to validate that vulnerability information used in conjunction with appropriate compensating controls are a practical way of quickly reducing risk while maintaining system usability.

• Describe the new threats to healthcare data systems.
• Detail the sources of vulnerabilities in eHealth systems
• Understand the EHVRP (eHealth Vulnerability Reporting Program and how the industry is working together to achieve a common goal
• Outline the program findings and what they mean in practical terms
• Discuss current best practices for protecting eHealth systems

Who Can Use This Program?

• Healthcare Informatics Directors
• Security Directors
• IT Managers
• Risk Managers
• Directors of Nursing
• Nursing Informatics Directors
• Administrators
• C-level executives
• Chief Medical Officer
• Business Managers

Brad Nelson is a Senior Information Security Analyst at the University of Utah Health Sciences Center (UUHSC) and Co-Chair of the Vulnerability Assessment Working Group of the eHealth Vulnerability Reporting Program. Brad has also held the position of Privacy Analyst in the UUHSC's HIPAA Privacy Office and has worked in the health care environment for over 30 years. Brad holds a Master of Public Administration Degree, a Graduate Certificate in Information Systems and is a Certified Information Systems Security Professional (CISSP).

Blake Sutherland

Blake Sutherland is Vice President of Product Management at Third Brigade, a software security company and Co-Chairs the Vulnerability Assessment Working Group of the eHealth Vulnerability Reporting Program. Blake has spent most of his career in the software security industry understanding customer and market requirements and incorporating them into security products. Prior to joining Third Brigade, Blake was at Entrust, a leading Internet Security company, as a Senior Product Manager and Solution Manager for Entrust's Secure Data Solutions. Blake is a Professional Engineer in the Province of Ontario as well as a Certified Information Systems Security Professional and holds a Bachelor of Applied Science degree in Engineering Physics from Queen's University.

What Is Included?

The CD includes the audio of the presentation, the slides prepared by the speaker and a .pdf file of the slides for printing. Your computer does need an audio component to use this CD.