Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

HIPAA Configuration Auditing

Looking to 2017, there may be new goals, challenges, and projects that face your organization. This is a good time to take the “10,000 foot view” of what your organization wants to address. While this is a great time to outline and plan new projects, this is also an opportune time to reassess current projects, including the controls put in place to address laws and regulations. One of those laws receiving attention in the news recently is the Health Insurance Portability Accountability Act (HIPAA).

Consequences of noncompliance

Passed into law in 1996, HIPAA is certainly not new. HIPAA is an act that addresses administrative, technical, and physical controls around protecting sensitive patient data. Most organizations under HIPAA’s umbrella already have an understanding of what the act means to their organizations in terms of securing sensitive data. But organizations can also grow complacent in their processes and ultimately become noncompliant, as discussed in our Drifting Out of Compliance blog post. This is a dangerous situation for organizations, as the federal government just fined a university $650,000 for being compromised with remote access malware:

“In the 13th major HIPAA enforcement action so far this year (2016), federal regulators have slapped the University of Massachusetts Amherst with a $650,000 financial settlement and corrective action plan after investigating a relatively small 2013 breach involving a malware infection at a campus speech and language center.”

There have been over $12 million HIPAA-related fines in 2016

Information security is a dynamic sector, regularly changing to remain current with trends, and your organization should not overlook controls and processes that act as the foundation of your overall security program. While the HIPAA acronym may be dated in some people’s minds, the enforcement certainly is not. There have already been over $12 million HIPAA-related fines in 2016 alone. Organizations should regularly assess their current processes that pertain to these controls so that they don’t lose track of their effectiveness.

Our blog, Tips for Making The Most of Your Year-End Spending, provides advice on budgeting for the new fiscal year. Two important tips are evaluating your current environment, and identifying the gaps between your current status and goals. Has your environment expanded at all? Does the new environment fall under HIPAA regulation? If so, do you have proper controls in place to protect that environment?

Two important tips: evaluate your current environment, and identify the gaps between your current status and goals

Tenable solutions

Tenable provides solutions that enable organizations to address these year-end questions by tracking and assessing environments with continuous network monitoring. The Tenable Assurance Report Cards (ARCs) do a great job of quickly analyzing environments against pre-defined baselines with a Pass/Fail grading. Organizations can leverage ARCs to quickly assess whether a previously compliant environment has developed compliance failures, or to grade completely new environments. In addition to ARCs, the HIPAA Configuration Audit Summary dashboard in SecurityCenter Continuous View® (SecurityCenter CV™) has been updated. It provides detailed and relevant data from your environment for security analysis and HIPAA compliance. The dashboard features over ten components that address HIPAA concerns such as:

  • Access Control & Workstation Security
  • Security Management Process
  • Integrity, Authentication & Transmission Security

You can customize these components to fit the uniqueness of your environment. The HIPAA dashboard also automatically tracks the number of hosts for each component, while displaying the percentage of hosts that have passed and the percentage of hosts that have failed.

HIPAA Configuration Audit Summary Dashboard

Conclusion

There are always new trends and concerns to be addressed when securing an environment, but fundamental processes, controls, and compliance should not be forgotten. Organizations can leverage Tenable solutions to keep up with the latest security trends while simultaneously addressing well-established regulation responsibilities such as those put in place by HIPAA.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training