Security vs Compliance in Healthcare

Explore the critical distinction between security and compliance in healthcare IT during this 47-minute conference talk from the Central Ohio InfoSec Summit 2016. Delve into common attack vectors, risks associated with shared accounts and kiosk systems, and the potential consequences of unsecured medical environments. Learn about various authentication options, including smart cards and managed PKI providers, and discover essential security measures such as application whitelisting, removable media restrictions, and internet communication controls. Gain insights into emerging trends like VDI (Virtual Desktop Infrastructure) and their impact on healthcare security. Walk away with a deeper understanding of how to balance regulatory compliance with robust security practices in the healthcare sector.

Intro
Disclaimer
Background
The session is not secure
Plenty of time
Attack vectors
What can someone do with alone time?
Why would someone do that?
Kiosk accounts are everywhere
Risky business
Shared accounts provide no accountability
Current authentication options
Contact smart cards/CIV Cards
Managed PKI providers
Restrict removable media
Application Whitelisting
Restrict internet communications
Other critical controls
The new big trend: VDI
Conclusion
References