Reference no: EM132501370 , Length: 2 pages
GetWell - Scenario (Background info.)
GetWell is a North American healthcare services company. They sell medical equipment and data analytics services to health and hospital systems.
GetWell:
has remote employees that carry laptops with sensitive PHI information. These remote employees primarily perform initial set up of the GetWell tablets that are installed at their Client (hospitals) locations, and integrate with the Client's IT infrastructure using Wi-Fi.
employees use Microsoft's Software As a Service (SaaS) for office productivity applications such as email, Office, SharePoint, OneDrive. Employees access these services using their workstations from anywhere in North America.
data center has a mix of infrastructure (network, server) that houses 20 million PHI, PII, and credit card records.
products operate in hospitals across the US and Canada in the form of tablets. The tablets communicate with GetWell's data center, and transmit sensitive PHI, PII, and credit card data.
medical devices are surgically implanted in Patients who have heart disease. The medical devices have Wi-Fi connectivity, and send status updates and receive configurations through Wi-Fi from GetWell's data center.
earns $200M annual revenue, serves over 20 million patients
operates in a highly regulated environment, with PCI DSS and HIPAA being key private and federal regulations
Interacts with their Clients through custom developed web sites and web services that allow Clients to view, update, and download Patient information. Each Client user has an account on GetWell's Client Portal website and can view Patient PII, PHI, and cardholder data.
Interacts with their custom-developed tablet devices and medical devices through custom developed web sites and web services
Interacts with Patients through custom developed web sites and email. Patients have an account on GetWell's website where they can see lots of data on their medical condition and how their medical device is operating.
Project Deliverables
Design Information Security controls for securing the assets of Getwell. For each control recommended, there should be an explanation on
The asset at stake
Threats against which protection is needed
Risk of not implementing a control
PowerPoint presentation - 4 slides
Write-up for 2 pages
Attachment:- Project.rar