HIPAA Compliance with WatchGuard Firewalls 

When it comes to security, healthcare providers are among the organizations most affected when standards are not set correctly. Given the requirements set through HIPAA, protecting medical information is critical. On the WatchGuard firewall we can configure several features to ensure this personal data is secure.


Deep Packet Inspection

By implementing Deep Packet Inspection (DPI) on the firewall, we can ensure all web traffic is properly filtered. Without DPI, HTTPS traffic passes through the firewall without proper analysis. This is a critical gap, given that over 72% of websites now operate over HTTPS. It is estimated that 90% of all web traffic will be HTTPS by the end of 2019. This means not only that malicious content could be getting into the network, but also that individuals inside the network could be sending out sensitive data. Many of the security services on the firewall do not operate properly on HTTPS traffic without DPI, so it is imperative that it be implemented.




Data Loss Prevention

Data Loss Prevention (DLP) is a WatchGuard Subscription Service targeted specifically at preventing data loss. This service relies on sensors that identify certain types of data leaving the network through email, FTP and web traffic.


DLP has a pre-defined HIPAA sensor that looks for such things as medical patient forms, National Provider Identifier (NPI) information, and Social Security numbers. There is also the option to select from numerous other sensors, based on the organization’s preferences.
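To illustrate the kind of content matching such a sensor performs, here is an added example; it is not WatchGuard's sensor logic, and the function names and sample message are constructed for illustration. It validates 10-digit NPI candidates with the Luhn check over the "80840" prefix and rejects Social Security number patterns that are never issued, which is how a content scanner keeps phone numbers and reference IDs from raising false alerts.

```python
import re

# Candidate patterns: 10 consecutive digits (NPI) and NNN-NN-NNNN (SSN).
NPI_RE = re.compile(r"(?<!\d)\d{10}(?!\d)")
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

def luhn_ok(digits):
    """Standard Luhn check: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_valid_npi(candidate):
    # The NPI check digit is computed over the prefix 80840 plus the NPI.
    return luhn_ok("80840" + candidate)

def is_plausible_ssn(area, group, serial):
    # Area 000, 666 and 900-999, group 00 and serial 0000 are never issued.
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"

def mask(value):
    """Keep only the last four digits so alerts do not leak the data."""
    return re.sub(r"\d", "*", value[:-4]) + value[-4:]

def scan(text):
    """Return (type, masked value) for each validated identifier in text."""
    findings = []
    for m in NPI_RE.finditer(text):
        if is_valid_npi(m.group()):
            findings.append(("NPI", mask(m.group())))
    for m in SSN_RE.finditer(text):
        if is_plausible_ssn(*m.groups()):
            findings.append(("SSN", mask(m.group())))
    return findings

# Constructed outbound message: one valid NPI, one phone number,
# one plausible SSN and one SSN-shaped reference that is never issued.
SAMPLE = ("Patient form: provider NPI 1234567893, callback 5551234567, "
          "SSN 123-45-6789, ref 000-12-3456")

if __name__ == "__main__":
    for kind, value in scan(SAMPLE):
        print(kind, value)
```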


NOTE: Data Loss Prevention is a service that relies on DPI in order to be fully utilized on web traffic.


Traffic Auditing

An important standard dictated by HIPAA is the ability to audit traffic. Through WatchGuard’s local version of Dimension or their new WatchGuard Cloud Visibility environment, traffic can be monitored to ensure sensitive data is not at risk. In the event there is ever suspicious activity, this logging would assist in tracking down the issue.


Multi-Factor Authentication

Ensuring that users are who they say they are is a critical piece of HIPAA compliance. With WatchGuard’s MFA service, AuthPoint, users need not only their credentials but also access to the MFA authorization. This can be implemented on mobile VPNs as well as through other services such as Active Directory authentication.


Ongoing Security

In addition to firewall configurations, it is imperative that healthcare providers go through yearly security testing to ensure the other areas of the network are also secure. If you are interested in working with JSCM Group to ensure your environment meets HIPAA standards, contact us today.