White Paper - Healthcare: Mobile Security

_Val_ · ‎2019-05-13

Author

Abstract:

Protection for mobile devices that have patient care applications requires a modern solution to prevent an attack. Providing continuous enhancements to the product is also essential because of the rapid nature of modern cyber-attacks. It needs to evolve over time to incorporate new features yet remain flexible to manage.

Check Point offers a unique product in Sandblast Mobile (SBM) to meet the specific requirements (HIPPA) for the healthcare industry and protects mobile devices from next generation cyber-attacks. It is built with the latest, cutting-edge technology in the industry for both Android and Apple devices delivering on network, OS and application layer protection. It offers a 100% cloud infrastructure. With this architecture healthcare IT teams are able to onboard customers faster. Organizations with existing MDM / EMM solutions are able to integrate with SBM for easy deployment. Thus, enhancing their security posture without
disrupting the current on premise protection. With a built-in Check Point VPN there is no disruption to hospital workflows. An incident will automatically trigger the system by directing traffic to a secure path. Therefore, it does not disrupt the patient experience. It also provides protection on phishing SMS attacks on all applications. Additionally, it delivers granular policy segmentation to protect various satellites sites and hospitals under the organization. This allows easier management over the course of time. Distributed patient devices are also protected with location tracking and safe browsing to meet the organization’s standards.

For the full list of White Papers, go here.

Kim_Moberg · ‎2019-06-15

Hi @_Val_ and @Ed_Gonzalez and @Pamela_S__Lee

Interesting sales material but also having some technical aspect in it.

I had the possibility to test the app for a trial of 30 days on my mobile phone last year during my summer vacation.

Through this trial Sandblast Mobile was showing “GREEN” equal everything is all right. I did not experience any untrusted trying to do man-in-the-middle attack or if I had downloaded any malicious application or accessing any websites running hidden scripts to install any incriminating software.

Well I know this is good and I think it is also good that I did not experience any “RED” alerts because then it’s bad.

I totally understand the Sandblast Mobile idea and why one needs to cover this attack vector too whether it's in healthcare or any organisation. Me too have implemented it in our the organization too.

I haven’t yet found any or read or seen any PoC were it actually did prevent an attack and any actual breach report where Sandblast Mobile was involved in a data breach and prevented the attack.

I could image companies using WhatsApp and being vulnerable with the latest hack; The NSO WhatsApp Vulnerability. Attackers only need to issue specially crafted VoIP calls to the victim in order to infect it with no user interaction required for the attack to succeed. As WhatsApp is used by 1.5bn people worldwide, both on Android phones and iPhones, the messaging and voice application is known to be a popular target for hackers and governments alike.

Do you have any stories from the CIRT and CPR team where did prevent attack in this mobile vector?

I know Check Point are inviting people to Usertalks and they can hear real user stories but don’t you have any stories available online?

Any are one able to send logs to a centralized log server on-premise?

Best Regards
Kim

_Val_ · ‎2019-06-16

@Kim_Moberg 30 day eval is jsut one of the evaluation forms. Please refer to your local CP office, they will be happy to set up deeper staging for you, I am sure.

Due to my knowledge, we did experience red alerts during PoC stages with some of the customers, so that MIGHT happen.

For the stories, although there are some, it is usually very hard to have a customer stepping forward to share those.

Are you a member of CheckMates?