Third Brigade Helps Shield Vulnerabilities in Electronic Health Record

Sept. 24, 2007
Host IDS/IPS addresses key findings of eHealth vulnerability reporting program

Ottawa, ON, and Reston, VA, September 20, 2007. In response to recent findings of the eHealth Vulnerability Reporting Program (eHVRP) study announced on Monday, Third Brigade, a security software company specializing in host intrusion defense, today announced an initiative to 'quick start' the delivery of enhanced security for EHR systems. Third Brigade's host-based intrusion detection and prevention system (IDS/IPS) shields vulnerabilities that exist in EHR systems, and addresses a core recommendation recently made by the eHVRP.

Under the "Quick Start for Healthcare" initiative, healthcare providers can download Third Brigade's host IDS/IPS agent software for a free 30-day evaluation. The agent includes security policies that shield vulnerabilities in over 100 applications commonly relied upon by enterprises including healthcare providers. Filters that shield newly discovered vulnerabilities are automatically delivered to healthcare providers within hours, and can be pushed out to hosts in minutes, without a system reboot, thus ensuring rapid time-to-protection. The quick start program helps demonstrate the immediate effectiveness of host IDS/IPS to enhance EHR security, highlights the ease-of-use of Third Brigade's solution, all with minimal impact on host or IT resources.

Healthcare providers can register for the 30-day evaluation at: http://downloads.thirdbrigade.com/quickstart_healthcare/ .

"We recognize that EHR applications – like all feature-rich enterprise software – have inherent vulnerabilities, and that it's ultimately our responsibility to protect them," said Leo Dittemore, Director, IS Security, HealthCare Partners Medical Group. "Third Brigade's Host IDS/IPS is a cost-effective compensating control, is easy to use and has had no noticeable impact on our IT operations. Any healthcare provider implementing an EHR should also be evaluating host IDS/IPS."

"By acknowledging that vulnerabilities exist within EHR systems, and that effective compensating controls exist, the healthcare industry has taken an important step in further ensuring the security of their critical applications, and the protection of private data," said Wael Mohamed, President and CEO of Third Brigade. "Our best-of-breed solution is uniquely suited to industry leaders that recognize their responsibility in providing comprehensive, proactive protection."

The eHealth Vulnerability Reporting Program conducted a 15-month study to assess the security risks associated with eHealth systems, particularly EHR systems. The eHVRP report highlighted a number of key points including the fact that:

1. EHR applications have vulnerabilities consistent with other complex applications

2. EHR vulnerabilities can be exploited to gain control of the application or access to data.

3. Existing security mechanisms and practices adopted by the customers and developers of EHR applications do not address these vulnerabilities and therefore leave these systems unnecessarily exposed to exploitation.

Specifically, the eHVRP report recommends implementing compensating controls to protect eHealth systems.

Third Brigade's advanced, software-based, host intrusion detection and prevention system (IDS/IPS) shields vulnerabilities that exist in EHR systems, as well as the operating systems (Windows, Solaris, Linux and other Unix systems), and enterprise applications, such as web and database servers, they rely on. By shielding vulnerabilities in critical and hard to patch systems within hours of their disclosure, it allows patches to be deployed on a more efficient, scheduled basis, with minimal impact on host or IT resources. Third Brigade's security solution also delivers detailed reports that demonstrate the security status of hosts, at any point in time, for auditing and compliance requirements.