Virtual Health
Physical Security
Availability
The Enemy
Healthcare Security
100

What Helios System or Template no one is allowed to change?

What is VH Gold?

100
The list of computers, laptops, software, equipment owned by an organization.
What is Inventory?
100
An identifier that uniquely tracks actions to individuals.
What is an Account? (or Login ID)
100
The risk presented to an organization by current or past employees who have knowledge of how the organization works and what and where the most valuable (damaging) information might reside.
What is Insider threat?
100

This common security protocol is often used to protect the transmission of patient data over the internet.

What is SSL/TLS?

200

What kind of security control is being used in Adam's home to prevent the bears from entering his home? 

What is Deterrent control? (gates, walls, fences, and bollards are designed to deter, delay, and deny unauthorized access and threats to a site)

200
Overlapping layers of protection put in place so that if one layer fails other layers succeed in protecting is known as....
What is Defense in Depth?
200
To apply or maintain permissions to prevent an account from getting information they are not authorized to see while making the information available to those who are authorized.
What is Access Control?
200
They are people who traditionally tried to gain access to computers remotely to learn more and for intellectual curiosity. Currently, they only make up 17% of computer intrusions.
Who are hackers?
200

Healthcare providers are required to notify affected individuals within this many days after the discovery of a data breach under the U.S. HIPAA Breach Notification Rule.

What is 60 days?

300

This regulatory act in the United States establishes national standards for electronic health care transactions and code sets.

What is the Health Insurance Portability and Accountability Act (HIPAA)?

300
The use of personality, knowledge of human nature and social skills to steal passwords, keys, tokens or other credentials to gain access to systems.
What is Social Engineering?
300
Functional managers classify data and grant approval to those whose jobs require access to the information.
Who are Data Managers?
300
These are well-run groups of crooks who methodically look for computer vulnerabilities to steal large numbers of financial or credit card accounts for financial profit.
Who are organized crime groups?
300

This term describes the process by which old patient records are rendered unreadable, either digitally or physically.

What is Data Destruction?

400

This two-factor authentication process at Virtual Health verifies the identity of a user by combining something they know with something they have.  

What is Token-Based Authentication?

400

This action involves physically following an authorized person to gain access to a restricted area or building.

What is Tailgating? (Always kindly ask anyone whom you may not know to introduce him/herself)

400
As a result of the VA breach in 2006 where PII of over a million veterans was lost, it is now a requirement to delete all sensitive data extracts on individual computers after this number of days.
What is 90 days?
400
They are structured groups funded by other governments and dedicated to mapping out the internet addresses for the purpose of espionage and possible computer attacks.
What is state-sponsored hacking?
400

Name the unauthorized practice where cybercriminals lock access to a healthcare organization's data and demand money to release it.

What is Ransomware?

500

This principle ensures that no single individual has control over all aspects of any critical transaction.

What is Separation of Duties? (no single Security/IT engineer at VH has access to all tools and infrastructure; we separate and distribute it and utilize secondary approvals, even within the team)

500
A necessary process to limit the kinds of hardware and software which minimizes the number of different vulnerabilities and reduces exposure to security weaknesses.
What is Standardization?
500
It is a word or phrase that verifies that you and only you had access to the account.
What is a Password?
500
The weakest link in every computer system. The one person who can, through thoughtlessness, unawareness or accident, cause loss of work products through deletion, corruption or improperly safeguarding data.
Who are you? (Who am I?)
500

This non-profit organization offers a set of guidelines and standards for the secure design and use of health IT systems.

What is the National Institute of Standards and Technology (NIST)?
