7 Step Checklist to secure your healthcare data

[{"selector":"#anim-1fd59407-920b-4789-b6cc-0f73f594cac1","keyframes":{"opacity":[0,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-8741e869-e5d8-4abb-8765-7cbb910def83","keyframes":{"transform":["translate3d(0px, 147.40740%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

Cloud

[{"selector":"#anim-714c18ad-aa79-4999-a3a6-23bf09488478","keyframes":{"opacity":[0,1]},"delay":15,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Use Different sub-account for each environment Least Privilege principle access for each user. Create the right IAM policies Use KMS to store and manage keys Use encryption for database, and s3 buckets for compliance End-to-end data encryption in transition state using SSL certificates Strictly use Multi-Factor Authentication for all user login Separate database instances for each environment in the private subnet Enable cloudTrail for logging account activity Use secret managers to protect secrets needed to access your applications, services and IT resources Must Have Good To Have

Storage

[{"selector":"#anim-8f6d0cd9-2515-4f65-a3ae-4b52561c4380","keyframes":{"opacity":[0,1]},"delay":0,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Role-Based access control to storages Periodically storage backups Use provided native encryption capabilities (KMS Keys) for encryption data at rest Enable logging and auditing to monitor storage activity Must Have Good To Have

Operating System

[{"selector":"#anim-9fc12f0d-8756-4bff-af0d-8bb1d25b10b2","keyframes":{"opacity":[0,1]},"delay":0,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Automated Hardening/ secure configuration, self-healing Patch management of applications and libraries of the operating system Creating secure accounts with required privilege's only (i.e, user management) Must Have

Logging And Monitoring

[{"selector":"#anim-2f362ff7-8b7a-4ff0-81ce-eab0e6b57ba3","keyframes":{"opacity":[0,1]},"delay":0,"duration":1500,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Role-based access control to monitoring tools Must Have Resource Monitoring System and application logs monitoring Automated security information and event alerting on slak and email etc Good To Have

CI/CD Toolkit

[{"selector":"#anim-d698d109-45a4-46bb-ae7f-6daf8fe5fe0b","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Authorized login only Role-based access control for a user to give the only project-specific access to the user Developers can only see the logs Only admin can create a user No build runs on the master node to prevent programs from accessing the Jenkins home directory and other server files Use Docker containers as Linux agents (nodes) Jenkins pipeline for each environment has IAM users (with required access only) for accessing the AWS resources during the execution Only whitelisted IPs can connect to the Jenkins server using ssh Clean workspace directory (source code) as soon as build finishes Update Jenkins and plugins regularly Must Have Use credentials to store and mask sensitive data such as token or API keys Good To Have

SCM Platforms

[{"selector":"#anim-9f35e766-b281-406e-8254-daa1b01bfcbd","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Only the account owner can create or delete the repository Only the project manager has the admin permission of repositories The only Project manager/lead should have written access to main branches Delete protection for main branches No secret or environment files should be pushed to the repository Only developers working on the project will have access to the repository Use ssh keys to access remote git repositories Update git periodically to keep safe from vulnerabilities Must Have The master branch has only the production code Require two-step authentication for every bitbucket/GitHub user account Static analysis tools detect Code-smells, bugs, and vulnerabilities. Use CodeGrip or a similar tool to scan repository code, generate reports, and notify over slack Good To Have

Source Code

[{"selector":"#anim-24b913af-8e0d-45e5-8079-797757b50ff4","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] Follow OWASP Secure Coding Practices (Codegrip like tool can scan this) Strictly avoid the use of credentials in source code. AWS access key and secret key etc Use secure and updated IDE's and plugins Must Have Treat each activity as an event and log each event that happens Use static analysis security testing tools (SAST) like CodeGrip Code review for each pull request Dependency-check to identify any known vulnerable components Good To Have

To Read More About Healthcare Data Security

[{"selector":"#anim-5e7e2eeb-1be8-4429-8afb-442fdcd7b56c","keyframes":{"opacity":[0,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-bb58fe63-c86e-46e5-ae1a-8f4d45e80982","keyframes":{"transform":["translate3d(0px, 425.15878%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b6740431-a93f-44c3-95ea-39467bf0bd39","keyframes":{"opacity":[0,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-0f673af7-72b4-4f14-b67b-d8045c1a615f","keyframes":{"transform":["translate3d(0px, 515.47120%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] Arrow Read More