{"id":2077,"date":"2017-07-31T20:17:01","date_gmt":"2017-08-01T03:17:01","guid":{"rendered":"https:\/\/new.acalvio.com\/?p=2077"},"modified":"2017-07-31T20:17:01","modified_gmt":"2017-08-01T03:17:01","slug":"meeting-hipaa-requirements-with-acalvios-deception-2-0-solution-shadowplex","status":"publish","type":"post","link":"https:\/\/acalvio.p2staging.us\/index.php\/2017\/07\/31\/meeting-hipaa-requirements-with-acalvios-deception-2-0-solution-shadowplex\/","title":{"rendered":"Meeting HIPAA Requirements with Acalvio\u2019s Deception 2.0 Solution, ShadowPlex"},"content":{"rendered":"<p>The recent ransomware attacks such as WannaCry have highlighted the need for robust security controls in healthcare firms. These organizations are subject to HIPAA\/HITECH compliance requirements, but unfortunately many firms just see them as a distraction. This is a big mistake: The controls typically implemented for HIPAA\/HITECH shouldn\u2019t be regarded as useless \u201ccheck the boxes\u201d distractions. Done right, they go a long way toward true risk management for covered entities.<br \/>\nOne of the most problematic security tasks for covered entities is the detection of threats that have evaded perimeter defenses. The wide variety of systems and people on internal networks makes it extremely difficult to keep attackers out of the environment. However, the HIPAA Security Rule requires attack detection and containment capabilities as one of the Administrative Safeguards:<br \/>\n<em>\u201cA covered entity\u2026must\u2026 implement policies and procedures to prevent, detect, contain, and correct security violations\u201d.<\/em> [HIPAA, 164.308 (a)]<br \/>\nThe updated audit protocol issued by Health and Human Services in April 2016 specifically includes auditing of this safeguard as a required element. 
But even if you\u2019re not worried about being audited, you should be taking a hard look at how you are implementing this control. A weak detection effort can easily result in a breach that would trigger notification, and a lot of (very unpleasant) scrutiny and second-guessing.<br \/>\nAnother valuable aspect of internal threat detection is its relevance for risk assessment. HIPAA provides a degree of latitude with respect to public notification: If you have data that shows the risk of a breach is low, you can avoid notification. This begs the question: How can you possibly reach such a conclusion if you don\u2019t have robust systems in place to detect internal compromise?<\/p>\n<div class=\"section post-body\">\n<strong>The Acalvio Advantage for HIPAA Compliance<\/strong><br \/>\nAcalvio\u2019s ShadowPlex Deception solution is perfectly suited to organizations seeking HIPAA compliance. Since ShadowPlex allows organizations to deploy realistic deceptions at scale and in a cost-effective manner, it alleviates the limitations of earlier-generation \u201cDeception 1.0\u201d solutions.<br \/>\nThe solution delivers four key benefits:<\/p>\n<ol>\n<li>Early detection of malicious activity that has penetrated the perimeter, with high fidelity (that is, low false positives)<\/li>\n<li>The ability to inhibit attackers and slow their efforts to compromise critical systems<\/li>\n<li>Intelligence gathering on the attacker (modes of operation, potential data exposure, and spread within the network)<\/li>\n<li>Internal threat intelligence and enhanced visibility of network &amp; system activity<\/li>\n<\/ol>\n<p>These benefits map to 13 controls in the HIPAA Security Rule, in particular those related to malware detection and inhibition, data protection, and risk assessment. For a complete list, check out our <em>HIPAA Compliance Whitepaper.<\/em><br \/>\nWe\u2019ve talked about Acalvio\u2019s 
Deception 2.0 advantages in previous blogs, but one thing is worth repeating because it\u2019s particularly relevant to healthcare covered entities: Service Reflection. Credible deception in healthcare is hard because there are so many industry-specific systems on the internal network, and if the deception solution can\u2019t blend in with them, a savvy attacker will spot the ruse. Service Reflection lets you take a single specialized system or application and clone it into hundreds of decoys, making it easy to create a deception posture that looks credible and stays credible over time.\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The recent ransomware attacks such as WannaCry have highlighted the need for robust security controls in healthcare firms. These organizations are subject to HIPAA\/HITECH compliance requirements, but unfortunately many firms just see them as a distraction. This is a big mistake: The controls typically implemented for HIPAA\/HITECH shouldn\u2019t be regarded as useless \u201ccheck the 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":5702,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[87,104,107],"_links":{"self":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/2077"}],"collection":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/comments?post=2077"}],"version-history":[{"count":0,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/2077\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/media\/5702"}],"wp:attachment":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/media?parent=2077"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/categories?post=2077"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/tags?post=2077"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}