Pub. 7.30.08 by vendor

Expanding on the success of its Payment Card Industry (PCI) for Retail Solution, Cisco Systems, Inc. today introduced its first validated architecture to address PCI compliance in healthcare settings. Specifically, the PCI Data Security Standard is providing healthcare organizations with a prescriptive model for how to safeguard patient financial transaction data and other personally identifiable information that is captured and processed within a healthcare facility or settings such as retail pharmacies.

The PCI for Healthcare Solution offers comprehensive design and implementation guidance to protect credit card, sensitive patient demographic, and employee information. Cisco's PCI solutions for healthcare and retail offer a holistic approach to specific data security challenges. Cisco also announces its membership in the PCI Security Standards Council to help shape future data security policy.

Survey data tells us that healthcare consumers are just as concerned that their identity may be stolen or abused as they are that private information will be released," noted Frances Dare, director, Cisco Internet Business Solution Group (IBSG) healthcare practice. "The PCI standards help a wide range of healthcare organizations protect essential patient demographic and financial information in addition to the tremendous work by hospitals and others to protect personal clinical data," Dare said.

Security Solutions for Healthcare External data security related attacks on the healthcare industry have increased 85% between January 2007 and January 2008(1). One challenge is that one in four healthcare executives does not know where their sensitive data is located(2). Also, many organizations do not have a security framework in place to provide optimal protection.

The prescriptive nature of Cisco's PCI for Healthcare solution strengthens the Cisco Medical Grade Network design architecture by establishing a model to secure sensitive data while at-rest and in-motion. It also offers broader enterprise policy direction on how healthcare organizations should protect critical assets such as patient medical and financial information.

Beyond the new PCI standards for healthcare, data security is an increasing area of focus for both health organizations and Cisco. Both Cisco's Unified Wireless Networks and Ironport email security appliances have received endorsement from the American Hospital Association.

The privacy of patient information is foundational to the healthcare industry," said John Halamka, MD, CIO of Harvard Medical School and CIO of CareGroup Health System. "The new PCI security standards are important additions to the larger data security picture for health organizations," noted Dr. Halamka, who also serves as chairman of the Health Information Technology Standards Panel. "In addition to these standards, legislation currently moving in Congress signals other security requirements that may soon affect healthcare. This is an important time for healthcare leaders to strengthen their security policies, practices and technologies."

PCI Solution for Retail Protecting customer credit card information has been at the forefront of retailers' minds for several years. Data theft is also moving downstream from large retail organizations to include regional chain store establishments.

Announced at the National Retail Federation show in January, Cisco's PCI Solution for Retail is a set of PCI reference architectures designed to help retailers manage the complexities associated with the PCI Data Security Standard. The solution includes design recommendations for securing remote environments such as retail stores, e-commerce sites and data centers. The Cisco PCI Solution for Retail has been tested and deployed in Cisco's labs and validated for both the wired and wireless environment by outside PCI auditor (QSA) Verizon Business.

In an era of declining consumer confidence, it is more important than ever to deliver a seamless secure payment experience to our customers," said Carrie Peters, vice president of information technology of Jones-Onslow Electric Membership Corporation. "Cisco understands the specific challenges retailers are facing and has helped Jones-Onslow create a comprehensive approach to securing sensitive customer information."

Data Security Challenges for Vertical Markets

Moving forward, it is important to recognize that protecting critical assets within an organization is an ongoing systems process rather than simply a checklist of items to meet compliance requirements. Four key areas to ensure that an organization's critical assets are secure include:

1. Education: Identify what the business critical data assets are and where these assets are located.
2. Operations (Process): Safeguard critical data while "at rest" and "in motion." Isolate access to those assets and network segments where the assets are with a layered defense approach.
3. Regulatory and Corporate Policy Compliance: Adopt a security program
   that focuses on safeguarding critical data and addresses government and regulatory compliance requirements such as Sarbanes-Oxley, PCI, and HIPAA.
4. Technology: Implement a solid security infrastructure and portfolio of technologies that satisfies the education, operations and policy steps.

Recommend this article...

Comment

Only registered users can write comments.
Please login or register.