
WHITEPAPER / Protecting Healthcare Data / PAGE 1

HIPAA Standards

164.312 “Transmission Security: A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.”

164.306 “Ensure the confidentiality, integrity and availability of all electronic protected health information that covered entity or business associate creates, receives, maintains or transmits.”

Healthcare networks are massive, and so are the odds of them being hit hard by data breaches. In 2017, the Ponemon Institute and IBM Research found that breaches in healthcare were the costliest of any affected industry for the seventh year in a row, totaling more than $6.2 billion over the course of 2016 alone.

The security of that data is highly regulated, and loss of patient health information (PHI) and other important data can cause irreparable damage to an organization’s reputation and bottom line.

In addition, healthcare IT is generally tasked with managing a complex distributed network that connects a tangled web of people, data and machines.

In an era where targeted, advanced cyber-attacks are almost an everyday occurrence, ensuring that sensitive data is protected and connected machines secured – all while keeping processes on the network running at maximum efficiency – has never been more challenging.


Areas of Risk in Protecting Healthcare Data Include:

Terabytes of PHI/PII

Healthcare organizations keep unprecedented amounts of very sensitive data on millions of people, and motivation to steal healthcare data is high: health record value, healthcare and prescription fraud, identity theft, and more.

Shared Data

Healthcare entities are mandated by the Affordable Care Act to start sharing all patient records electronically, increasing the already large number of users with access to the data you are trying to secure.

Internet of Things

Healthcare tech is unique—involving mobile, cloud, and thousands of different devices that are wirelessly connected—everything from pacemakers to complex imaging machines.

More Regulations

Regulatory compliance requirements pertaining to data security in healthcare organizations, set out in legislation such as HIPAA, HITECH, and the Affordable Health Care Act, have gotten even more stringent as the threats to PHI become more complex and harder to combat.

Breaches are Costly

The fallout from a data breach can be exorbitant, from punitive fines for regulatory violations to customer attrition and class-action lawsuits. For instance, in the wake of the 2016 Anthem Health data breach, no fewer than six class action suits were filed.

For starters, the proliferation of mobile devices and IoT in healthcare has caused bandwidth demands on healthcare networks to explode beyond what many old-school security architectures were designed to handle. Traditional, appliance-based web gateways require expensive MPLS and VPN connections to ensure that mobile or remote traffic is backhauled to the gateway at headquarters.

This configuration makes the network cumbersome and complicated to manage, and often requires IT to manage traffic from multiple consoles when they need to cumulatively add gateways or servers to the network architecture. The sheer bulk and complexity of the network in this configuration stretches security teams thin, making it all the more difficult to detect flaws in the network and remediate them in real time.

A very real danger in the context of healthcare is latency, since many of the connected devices used by professionals in this field require optimal performance in near real time to adequately perform their necessary tasks. When communications are held up by bandwidth crunches or stalled traffic along backhaul networks, a patient’s wellbeing could hang in the balance, not to mention the security of their data.

These risks illustrate why data protection is one of healthcare’s most challenging concerns and one that is not being addressed by today’s standard cybersecurity approaches.


The iboss Distributed Gateway Platform Closes the Security Gap to Protect PHI

Malware Will Get Through

High-profile data breaches are evidence that preventing 100 percent of malware from reaching your network is simply unrealistic given today’s threat environment. Even the largest enterprise healthcare organizations, investing heavily in preventive security such as firewalls, secure web gateways, and sandboxing, have incurred serious data breaches resulting in dramatic losses. These attacks, involving millions of records stolen, are no longer unprecedented. Analysts have warned consistently that networks will be infected, and healthcare organizations will continue to be a lucrative target for hackers.

There is a Security Gap on Your Network

Once evasive malware bypasses your perimeter defenses and infects your network, the clock starts counting down. What it is measuring is the time between when the malware reaches the network and when it is discovered. This “dwell time” is the window where data loss occurs. The average dwell time is now 229 days according to the latest research from the Ponemon Institute, which helps explain the massive amounts of data lost in cases like Anthem and others.

The iboss Distributed Gateway Platform includes best-in-class preventive security along with patented technology to close the security gap and ensure that data is protected against criminal attacks. All of this is delivered via the industry’s first 100 percent subscription-based SaaS secure web gateway platform, which leverages a node-based architecture that allows healthcare IT to scale up their gateway protections as bandwidth needs evolve. Best of all, iboss focuses on thwarting potential malware threats on the way into the network, while keeping an eye toward data loss prevention that would hurt a provider’s bottom line.

The iboss platform begins with visibility across all inbound and outbound data channels – ports – on a user’s network. This is crucial because many of today’s cyber attacks deliver their data-stealing payloads via high hidden ports and evasive protocols that other security solutions can’t see. In fact, most signature-based filtering products on the market only monitor ports 80 and 443 – the two primary default ports for two-way internet traffic – ignoring the more than 131,000 ports where traffic could potentially originate.


iboss Closes the Security Gap by Taking the Following Approach:

Network Anomaly Detection and Containment inspects outbound traffic, comparing it to a baseline of normal traffic and analyzing it along multiple parameters such as bytes in/out, number of connections, number of packets, protocol and communication destination.

Once an anomaly is detected, an alert is sent and the data is automatically contained, preventing data loss from occurring.

Actionable intelligence from the iboss Incident Response Center provides the complete context of the threat, answering what was compromised, how was it compromised, who did it, is it truly over and can it happen again, so you can remediate and immunize against future attacks.
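
A minimal sketch of the baseline comparison described above, as an added example that is not iboss code: it scores one interval of a host's outbound traffic against that host's own history on bytes out, connections and packets, and checks destination and protocol against those seen before. The median/MAD scoring, the 3.5 threshold, the allow/alert/contain rule, the function names and all sample data are assumptions constructed for illustration.

```python
from statistics import median

FEATURES = ("bytes_out", "connections", "packets")

def mad_score(history, value):
    """Robust z-score: distance above the median in units of scaled MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # flat history: avoid /0
    return 0.6745 * (value - med) / mad

def build_baseline(intervals):
    """Summarise one host's normal outbound intervals."""
    return {
        "history": {f: [i[f] for i in intervals] for f in FEATURES},
        "destinations": {d for i in intervals for d in i["destinations"]},
        "protocols": {p for i in intervals for p in i["protocols"]},
    }

def evaluate(baseline, interval, threshold=3.5):
    """Return (action, reasons) for one observed interval (assumed policy)."""
    # Only upward deviations count: the concern is data leaving the network.
    spikes = [f for f in FEATURES
              if mad_score(baseline["history"][f], interval[f]) > threshold]
    new_dst = sorted(set(interval["destinations"]) - baseline["destinations"])
    new_proto = sorted(set(interval["protocols"]) - baseline["protocols"])
    reasons = [f"{f} far above baseline" for f in spikes]
    reasons += [f"destination not in baseline: {d}" for d in new_dst]
    reasons += [f"protocol not in baseline: {p}" for p in new_proto]
    # Spike plus unfamiliar endpoint or protocol: contain. One signal: alert.
    if spikes and (new_dst or new_proto):
        return "contain", reasons
    return ("alert" if reasons else "allow"), reasons

# Constructed sample data: five normal hourly intervals for one workstation.
NORMAL = [
    {"bytes_out": b, "connections": c, "packets": p,
     "destinations": ["10.0.5.20", "192.0.2.10"], "protocols": ["tcp/443"]}
    for b, c, p in [(1_100_000, 40, 900), (900_000, 35, 850),
                    (1_300_000, 44, 1000), (1_000_000, 38, 880),
                    (1_200_000, 41, 950)]
]
# Constructed suspect interval: large transfer to an unseen address and port.
SUSPECT = {"bytes_out": 480_000_000, "connections": 43, "packets": 330_000,
           "destinations": ["10.0.5.20", "203.0.113.77"],
           "protocols": ["tcp/8443"]}

if __name__ == "__main__":
    for obs in (NORMAL[0], SUSPECT):
        print(evaluate(build_baseline(NORMAL), obs))
```

The connection count in the suspect interval stays within the baseline, which is why the check scores each parameter separately rather than relying on a single one.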

iboss delivers these protections to healthcare organizations — large and small — and is unique in being able to deliver anytime, anywhere protection that extends security across all mobile users and the Internet of Things – a growing consideration for networks of all types and breadths. Because the iboss platform is born in the cloud, all of this can be accomplished without forcing providers to pay for costly MPLS or VPN connections as their mobile and IoT network access grows.


iboss, Inc. · U.S. HQ 101 Federal Street, 23rd Floor, Boston, MA 02110 © 2018 All rights reserved. iboss, Inc. All other trademarks are the property of their respective owners.


About iboss

The iboss Distributed Gateway Platform is a web gateway as a service that is specifically designed to solve the challenges of securing distributed organizations. Built for the cloud, iboss leverages a revolutionary, node-based architecture that easily scales to meet ever-increasing bandwidth needs and is managed through a single interface. The iboss Distributed Gateway Platform is backed by more than 110 patents and protects over 4,000 organizations worldwide, making iboss one of the fastest growing cybersecurity companies in the world.

To learn more, visit www.iboss.com or contact iboss at [email protected]

Learn more about how the iboss Distributed Gateway Platform has helped a wealth of healthcare providers streamline their network operations while delivering the most comprehensive security assurance possible.

Additional features of the iboss Distributed Gateway Platform include:

• Provides location-aware content inspection that protects patient privacy by detecting when personnel on mobile devices are on and off organization property

• Stops malware at the gateway with preventive features that include behavioral sandboxing, intrusion prevention, and global-sourced threat correlation.

• Stops data-stealing infections with advanced malware defense that detects evasive malware that bypassed perimeter defense.

• Stops PHI from leaving the network with anomaly detection that analyzes your outbound data movement and measures it against a normal baseline to detect abnormalities signifying a problem. It then automatically contains the suspicious data transfer before loss can occur.

• Delivers actionable intelligence in real-time from the Incident Response Center, which correlates and analyzes data to give you the complete context of each threat for immediate remediation.

• Provides seamless security for distributed healthcare organizations with uniform policies, features, and security across all locations and devices.