In the medical office in which I briefly worked a few years back, we had some interesting internal customs, but one thing that stuck out was the HIPAA sheriff.
Once Upon a Time on the Desk
One day, the boss came by and wordlessly dumped a cheap toy sheriff star and a set of plastic handcuffs on my desk.
I asked around, and was told that because I had left a paper on my desk face-up, I was the designated “HIPAA sheriff.” My job was to look around, find someone else leaving unattended physical or network data, and pass on the sheriff’s regalia to them.
The whole thing was a little bit like being served court documents. As strange as it seemed, though, the HIPAA sheriff game put everyone quickly on notice: no amount of precious PHI could remain visible from our workstations, whether it was on an open screen, or on paper. Documents on the way to the trash had to be guarded closely, and screen-savers vigilantly installed. It was an early form of HIPAA Network Security before Network Security really developed into what is today.
Over the years, we used to joke about the extent to which the recursive nature of HIPAA complicated everything in health care, positing the need for a second HIPAA sheriff to police the first one, etc., or a locked box for a key to open another locked box. This all culminated in a set of infinite nested procedures that finally revealed what we all knew from the start – 100% security just doesn’t exist.
Later, I was astounded to hear that large fancy installations in the medical network’s health campus atrium, things like a massive fountain and a self-playing grand piano, were put there “for HIPAA.”
The Good, the Bad and the Ugly
Lots of medical professionals have their own HIPAA stories, such as a bizarre set of cards to color code patients to avoid having to announce their names, or the building of byzantine confessional-style booths for patient registration, so that no one would overhear some whispered bit of medical history.
You’re probably asking yourself what this has to do with network security? A lot, actually.
These days, so much of what we do is done online and over mobile networks; security experts (and the rest of us) are realizing that a lot of the kinds of data breaches that matter are done through network hacking. Sure, somebody could break into an office and rummage through paper documents, but these days, they’re more likely to build a Trojan virus or something that opens up a hole in a network, and waltz right in.
Cyberthreats were scary back in the days when Matthew Broderick was just a little chap playing ‘war games’, but they’re very real now. That means digital security professionals, who are so much in demand, are applying the same kinds of rigid scrutiny to corporate networks that the HIPAA sheriffs apply to medical offices.
Simply put, you have to guard the exits, and man the halls. You have to monitor every network endpoint. You have to treat a network as a multi-segmented organism instead of just a single container.
Today, real network security goes well beyond firewalls and antivirus programs. It extends beyond the perimeter, to the internal nuts and bolts of data transfer systems, to each bit of middleware and every cloud gateway. Of course, this is a lot more developed than the HIPAA Network Security I was loosely in charge of in that medical office.
SentinelOne’s platform-based approach contemplates the nature of today’s cybersecurity world.
Its next-generation endpoint protection system, Endpoint Protection Platform, targets threats by identifying “patterns” and promoting rapid, automatic responses designed to scrub out malware and hacking code, and refresh a system back to a protected status.
The bottom line is that companies are out there, scrambling in some of the same ways that healthcare businesses did after HIPAA implementation. If they are paying attention to what’s going on, they understand that network security is top priority, and that if it’s going to be effective, someone needs to be creative.
Ask SentinelOne about how to deploy comprehensive network security tools to put a business on the vanguard of real-world network protection.