Cedars-Sinai and Others Use On-Demand Security Audit and Vulnerability Management to Protect Patient Data and Ensure HIPAA Compliance
Redwood City, CA — May 7, 2003 — Qualys, Inc., the leading provider of on-demand security audit and vulnerability management solutions, today announced the rapid adoption of its QualysGuard service by leading healthcare organizations across the country. Members of the healthcare industry are subscribing to the QualysGuard service to regularly audit the security of their networks in order to protect patient information and maintain a secure infrastructure. In addition to enhancing network security, healthcare organizations use the QualysGuard service to comply with the many complexities of the Health Insurance Portability and Accountability Act (HIPAA).
New healthcare customers utilizing QualysGuard for regular security audits, vulnerability management and remediation workflow for network security and HIPAA compliance include Cedars-Sinai Medical Center, St. Peter’s Health Care Services of New York, Cincinnati Children’s Hospital and others.
“The privacy and security of our patients’ information is a fundamental requirement at Cedars-Sinai,” stated Ray Duncan, director, technology & architecture at Cedars-Sinai Medical Center, the largest nonprofit hospital in the Western United States. “Qualys provides us with a third-party capability to audit our networks for vulnerabilities and provide verified fixes immediately. With an automated process, we have significantly reduced our costs for network security audits.”
Under the HIPAA healthcare regulations, hospitals and other organizations must provide certification, risk assessment, and ongoing testing of their ability to protect their network security. The act states that, “security is not a one time project, but is an on-going, dynamic process.” Under these guidelines, more strenuous security testing and auditing by a trusted, impartial third-party becomes a requirement for compliance. QualysGuard’s security auditing and vulnerability management capabilities make HIPAA compliance dramatically easier by automatically fulfilling many of the act’s Administrative Procedures for security management, certification, contingency plan, security management process, personnel security, and training.
“QualysGuard is an integral part of our security policies and practices,” stated George Zimmerman, Internet administrator at St. Peter’s Health Care Services, provider of a comprehensive, integrated continuum of care in New York’s Capital Region. “It streamlines a variety of complex auditing and testing procedures such as identifying devices, finding vulnerabilities and assisting in the repair process. Without having to add more technical staffers, the automation of security audits helps us quickly meet most of the key administrative procedures as outlined by HIPAA.”
The QualysGuard service provides healthcare organizations with comprehensive, on-demand security audits; extensive reports on vulnerabilities, including severity levels, business impact, time-to-fix estimates, and trend analysis; and one-click links to validated remedies. As a Web service, QualysGuard enables immediate compliance with key HIPPA security regulations by allowing subscribers to scan their perimeter-facing hosts with Qualys Remote Scanners, internal hosts with QualysGuard Intranet Scanner, and manage both with a common Web interface. Since QualysGuard automates the audit process, it helps security managers quickly realize a fast and cost-effective compliance path for federal regulation without the extra cost of software or hardware deployment and maintenance.
“At Cincinnati Children’s Hospital we use the Internet to help an excess of 1,000 clinicians and medical personnel to remotely access patient data via the hospitals extranet, so network security is of utmost importance to us. With the rapidly evolving world of vulnerabilities, we quickly realized that running manual scans daily was too time and resource intensive, and we would need another resource to help us to stay on-top of these network threats,” stated Michael Belmont, director of information security systems at the 340-bed hospital. “By utilizing QualysGuard, we are able to run network audits every night, and secure vulnerabilities before they can be exploited, helping us comply with HIPAA recommendations.”
In addition to meeting HIPAA security requirements, QualysGuard provides the most effective means to better network security. Many security breaches result from weaker network perimeters due to multiple new entry points such as wireless access and virtual private networks. On-demand audits quickly find these vulnerabilities and help counterbalance the rising complexity of managing security patches and configuration updates.
“With the new requirements outlined by HIPPA, healthcare organizations must have a way to quickly, accurately and cost effectively conduct a verified audit of their network security,” stated Philippe Courtot, Chairman and CEO of Qualys. “As a Web-based service, QualysGuard enables organizations to ease the compliance process with automated and unalterable audits that can be performed as often as desired and at a significantly reduced cost compared to manual audits. QualysGuard’s audit reports provide an indelible audit trail that records when the security audit was performed, what was discovered and when the repairs were successfully implemented.”
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.