Major health care organisations adopt QualysGuard on-demand security platform

Redwood Shores 07 May 2003Qualys Inc., a provider of on-demand security audit and vulnerability management solutions, has announced the rapid adoption of its QualysGuard service by major health care organisations across the United States. Members of the health care industry are subscribing to the QualysGuard service to regularly audit the security of their networks in order to protect patient information and maintain a secure infrastructure. In addition to enhancing network security, health care organisations use the QualysGuard service to comply with the many complexities of the Health Insurance Portability and Accountability Act (HIPAA).


New health care customers utilising QualysGuard for regular security audits, vulnerability management and remediation work flow for network security and HIPAA compliance include Cedars-Sinai Medical Center, St. Peter's Health Care Services of New York, Cincinnati Children's Hospital and others.

"The privacy and security of our patients' information is a fundamental requirement at Cedars-Sinai", stated Ray Duncan, director, technology and architecture at Cedars-Sinai Medical Center, the largest non-profit hospital in the Western United States. "Qualys provides us with a third-party capability to audit our networks for vulnerabilities and provide verified fixes immediately. With an automated process, we have significantly reduced our costs for network security audits."

Under the HIPAA health care regulations, hospitals and other organisations must provide certification, risk assessment, and ongoing testing of their ability to protect their network security. The act states that "security is not a one time project, but is an on-going, dynamic process." Under these guidelines, more strenuous security testing and auditing by a trusted, impartial third-party becomes a requirement for compliance. QualysGuard's security auditing and vulnerability management capabilities make HIPAA compliance dramatically easier by automatically fulfilling many of the act's Administrative Procedures for security management, certification, contingency plan, security management process, personnel security, and training.

"QualysGuard is an integral part of our security policies and practices", stated George Zimmerman, Internet administrator at St. Peter's Health Care Services, provider of a comprehensive, integrated continuum of care in New York's Capital Region. "It streamlines a variety of complex auditing and testing procedures such as identifying devices, finding vulnerabilities and assisting in the repair process. Without having to add more technical staffers, the automation of security audits helps us quickly meet most of the key administrative procedures as outlined by HIPAA."

The QualysGuard service provides health care organisations with comprehensive, on-demand security audits; extensive reports on vulnerabilities, including severity levels, business impact, time-to-fix estimates, and trend analysis; and one-click links to validated remedies. As a Web service, QualysGuard enables immediate compliance with key HIPAA security regulations by allowing subscribers to scan their perimeter-facing hosts with Qualys Remote Scanners, internal hosts with QualysGuard Intranet Scanner, and manage both with a common Web interface. Since QualysGuard automates the audit process, it helps security managers quickly realise a fast and cost-effective compliance path for federal regulation without the extra cost of software or hardware deployment and maintenance.

"At Cincinnati Children's Hospital we use the Internet to help an excess of 1000 clinicians and medical personnel to remotely access patient data via the hospitals extranet, so network security is of utmost importance to us. With the rapidly evolving world of vulnerabilities, we quickly realised that running manual scans daily was too time and resource intensive, and we would need another resource to help us to stay on-top of these network threats", stated Michael Belmont, director of information security systems at the 340-bed hospital. "By utilising QualysGuard, we are able to run network audits every night, and secure vulnerabilities before they can be exploited, helping us comply with HIPAA recommendations."

In addition to meeting HIPAA security requirements, QualysGuard provides the most effective means to better network security. Many security breaches result from weaker network perimeters due to multiple new entry points such as wireless access and virtual private networks. On-demand audits quickly find these vulnerabilities and help counterbalance the rising complexity of managing security patches and configuration updates.

"With the new requirements outlined by HIPAA, health care organisations must have a way to quickly, accurately and cost-effectively conduct a verified audit of their network security", stated Philippe Courtot, Chairman and CEO of Qualys. "As a Web-based service, QualysGuard enables organisations to ease the compliance process with automated and unalterable audits that can be performed as often as desired and at a significantly reduced cost compared to manual audits. QualysGuard's audit reports provide an indelible audit trail that records when the security audit was performed, what was discovered and when the repairs were successfully implemented."

Qualys Inc. provides a comprehensive, on-demand security audit and vulnerability management service for the enterprise. With Qualys, organisations can effectively gain control over their network security by auditing their networks regularly and managing their vulnerabilities to remediation with centralised reports and one-click links to verified remedies. Because the service is delivered over the Web, enterprises can run network security audits anytime, and get the results delivered in minutes without the cost of software or hardware deployment and maintenance.

Qualys is headquartered in Redwood Shores, California, with global offices in France, Germany and the United Kingdom. More than 1000 subscribers rely upon QualysGuard for their network security audits and vulnerability management including ABN-AMRO, Adobe Systems, Apple Computer, AXA, Bank of the West, BASF, BlueCrossBlueShield, Cartier, Cedars-Sinai Medical Center, the Federal Reserve Bank of New York, Fireman's Fund, Hewlett-Packard, Rockwell Automation, The Thomson Corporation, and TIAA-Cref.

Leslie Versweyveld

[Medical IT News][Calendar][Virtual Medical Worlds Community][News on Advanced IT]