
An Oracle blog about Oracle Enterprise Manager and Oracle Management Cloud

  • January 22, 2021

Secure Linux Configuration for HIPAA Compliance with Enterprise Manager

Harish Niddagatta
Product Manager

In 2020, there was a substantial increase in the number of breaches and incidents reported in the healthcare vertical. According to Verizon's Data Breach Investigations Report, the number of confirmed data breaches in healthcare rose over the previous year. Misconfiguration was one of the vehicles for these breaches, which exposed personal information, medical details and credentials and enabled external and internal actors to steal data that was then used for financial fraud. With the ever-present danger of security breaches, protecting this sensitive data is critical. The Health Insurance Portability and Accountability Act (HIPAA) provides guidance for securing healthcare information.

Introducing HIPAA Security Rule

The HIPAA Security Rule establishes U.S. national standards to protect individuals' electronic protected health information (EPHI) that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and availability of EPHI.

The HIPAA Security Rule is organized into six sections, three of which are relevant to configuring and securing IT systems that contain EPHI. Each of these sections has standards defined, as shown below.

These standards are designed to ensure the secure configuration of IT systems and to prevent fraudulent use of health information.

Oracle Enterprise Manager 13c Release 4 Update 9 (13.4.0.9) ships an out-of-the-box HIPAA Security Rule compliance standard for securing the configuration of Linux environments of all flavors, at scale, where EPHI is stored or processed. You can continuously monitor for compliance and so protect your customers' personal health information.

With this, you can check for misconfigurations and deviations from the security rules defined in the HIPAA Security Standard. You can find answers to questions like:

  • Do users have proper and minimal access controls?
  • Is System auditing configured to log and monitor all activities?
  • Is the Linux host configured and compliant with security best practices?
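The three questions above are what a host-configuration compliance rule actually has to decide from the contents of a handful of files and service states. The following is an added example, not Oracle Enterprise Manager code and not the product's HIPAA rule set: a small rule engine that evaluates five hypothetical rules (one per question area, with made-up identifiers such as `AC-01`) against a constructed snapshot of a Linux host and derives a compliance score from the pass count, in the spirit of the per-asset scores the compliance framework reports. The sample host snapshots are constructed inline so the code runs offline.

```python
"""Toy Linux configuration-compliance checker (added illustration, not
Oracle Enterprise Manager code). Rules, rule IDs and host data are
assumptions made for the example."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# A host snapshot: file contents, (mode, owner) stat tuples and service
# states, captured into a dict so the checks never touch the real system.
Host = Dict[str, dict]


@dataclass(frozen=True)
class Rule:
    rule_id: str      # hypothetical identifier, not a HIPAA or Oracle rule number
    category: str     # access control, auditing or hardening
    title: str
    check: Callable[[Host], bool]


def shadow_perms_ok(host: Host) -> bool:
    """/etc/shadow owned by root with no group-write and no world access."""
    mode, owner = host["stat"]["/etc/shadow"]
    return owner == "root" and (mode & 0o027) == 0


def no_empty_passwords(host: Host) -> bool:
    """Every shadow entry must carry a non-empty password field."""
    for line in host["files"]["/etc/shadow"].splitlines():
        fields = line.split(":")
        if len(fields) > 1 and fields[1] == "":
            return False
    return True


def only_root_has_uid0(host: Host) -> bool:
    """UID 0 must belong to root alone (no extra superuser accounts)."""
    entries = (l.split(":") for l in host["files"]["/etc/passwd"].splitlines() if l)
    uid0 = [f[0] for f in entries if f[2] == "0"]
    return uid0 == ["root"]


def auditd_watches_identity_files(host: Host) -> bool:
    """auditd enabled and write-watches present on the identity databases."""
    if host["services"].get("auditd") != "enabled":
        return False
    rules = host["files"].get("/etc/audit/rules.d/audit.rules", "")
    # '-w <path> -p <perms>' lines whose permission set includes 'w'
    watched = set(re.findall(r"^-w\s+(\S+)\s+-p\s+\S*w", rules, re.M))
    return {"/etc/passwd", "/etc/shadow", "/etc/group"} <= watched


def sshd_denies_root_login(host: Host) -> bool:
    """First PermitRootLogin directive must be 'no' (sshd honours the first match)."""
    cfg = host["files"].get("/etc/ssh/sshd_config", "")
    found = re.findall(r"^\s*PermitRootLogin\s+(\S+)", cfg, re.M | re.I)
    return bool(found) and found[0].lower() == "no"


RULES: List[Rule] = [
    Rule("AC-01", "access control", "/etc/shadow permissions restricted", shadow_perms_ok),
    Rule("AC-02", "access control", "no accounts with empty passwords", no_empty_passwords),
    Rule("AC-03", "access control", "only root has UID 0", only_root_has_uid0),
    Rule("AU-01", "auditing", "auditd watches identity files", auditd_watches_identity_files),
    Rule("CM-01", "hardening", "sshd PermitRootLogin no", sshd_denies_root_login),
]


def evaluate(host: Host) -> dict:
    """Run every rule and return per-rule results plus a 0-100 score."""
    results = {r.rule_id: r.check(host) for r in RULES}
    passed = sum(results.values())
    return {
        "results": results,
        "failed": sorted(k for k, ok in results.items() if not ok),
        "score": round(100 * passed / len(RULES)),
    }


# Constructed sample hosts (not captured from any real system).
COMPLIANT_HOST: Host = {
    "stat": {"/etc/shadow": (0o640, "root")},
    "services": {"auditd": "enabled"},
    "files": {
        "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n",
        "/etc/shadow": "root:$6$abc:19000:0:99999:7:::\nalice:$6$def:19000:0:99999:7:::\n",
        "/etc/audit/rules.d/audit.rules": "-w /etc/passwd -p wa -k identity\n"
                                           "-w /etc/shadow -p wa -k identity\n"
                                           "-w /etc/group -p wa -k identity\n",
        "/etc/ssh/sshd_config": "Port 22\nPermitRootLogin no\n",
    },
}

NONCOMPLIANT_HOST: Host = {
    "stat": {"/etc/shadow": (0o644, "root")},          # world-readable
    "services": {"auditd": "enabled"},
    "files": {
        "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\ntoor:x:0:0::/root:/bin/bash\n"
                       "svc:x:1001:1001::/srv:/sbin/nologin\n",   # second UID 0
        "/etc/shadow": "root:$6$abc:19000:0:99999:7:::\ntoor:$6$ghi:19000:0:99999:7:::\n"
                       "svc::19000:0:99999:7:::\n",              # empty password
        "/etc/audit/rules.d/audit.rules": "-w /etc/passwd -p wa -k identity\n"
                                           "-w /etc/shadow -p wa -k identity\n",  # no /etc/group
        "/etc/ssh/sshd_config": "PermitRootLogin no\n",
    },
}

if __name__ == "__main__":
    for name, host in (("compliant", COMPLIANT_HOST), ("noncompliant", NONCOMPLIANT_HOST)):
        report = evaluate(host)
        print(f"{name}: score={report['score']} failed={report['failed']}")
```

Each rule is a pure function of the snapshot, which is what makes the checks repeatable and lets a single score be computed per asset and compared across a fleet; a real agent would fill the snapshot from the live host rather than from embedded strings.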

The HIPAA standard for Linux hosts is part of Oracle Enterprise Manager Database Lifecycle Management. It enables continuous monitoring of the security posture of Linux host configuration against the Security Standard, ensuring that the configuration of critical host infrastructure assets aligns with consensus-based HIPAA security standards.

Below is a screenshot of Security Compliance Standards in Enterprise Manager Compliance Framework.


The HIPAA standard contains 140 unique security rules that provide comprehensive monitoring of Linux host configuration; they are categorized as shown below:

You can use the out-of-the-box standard or customize it to align with your IT security policy, then associate Linux assets with it to start continuous monitoring for configuration vulnerabilities and compliance deviations.

You can also get insight into the distribution of compliance scores across all assets in your data center, which indicates how well they comply with your IT security policy.


For more information, see SCAP Supported Standards in the Oracle Enterprise Manager Cloud Control Compliance Standards Reference.
