Tripwire Collaborates with NIST on New Guide Available to Help Healthcare Providers Secure Medical Imaging Data
PORTLAND, Ore. – September 16, 2019 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced that it has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a project to help healthcare delivery organizations secure the Picture Archiving and Communication System (PACS).
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. I’m excited to share that the NCCoE has just released draft practice guide NIST Special Publication 1800-24, Securing Picture Archiving and Communication System.
This practice guide aims to help healthcare organizations reduce the risk of malicious actors compromising the confidentiality, integrity and availability of the PACS ecosystem. Standards and best practices were used to deploy strong authentication solutions that use open and scalable standards. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.
This practice guide demonstrates how commercially available technologies, like Tripwire Enterprise®, can be integrated with existing tools to support asset management through secure configuration management (SCM) and file integrity monitoring (FIM) capabilities.
“Advancements in medical imaging technology are helping patients get diagnosed and treated more quickly and effectively. But unsecured systems can open the door to breaches of patient data and could potentially risk patient safety,” said Jennifer Cawthra, NIST NCCoE healthcare sector lead. “Our Securing Picture Archiving and Communication System guidance shows how healthcare delivery organization can take advantage of these technologies while also ensuring patient data is protected.”
“Maintaining secure and compliant configurations is critical to any organization’s system integrity, especially in complex and highly sensitive environments such as healthcare,” said Tim Erlin, vice president of product management and strategy. “To minimize the attack surface and reduce risk of inadvertently exposing data, healthcare systems should be configured properly and then monitored for any changes that could weaken security or result in non-compliance.”
*While the example implementations use certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.
Tripwire is the trusted leader for establishing a strong cybersecurity foundation. Partnering with Fortune 500 enterprises, industrial organizations and government agencies, Tripwire protects the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Tripwire’s award-winning portfolio delivers top critical security controls, including asset discovery, secure configuration management, vulnerability management and log management. As the pioneers of file integrity monitoring (FIM), Tripwire’s expertise is built on a 20+ year history of innovation helping organizations discover, minimize and monitor their attack surfaces.