Community SANS

New York, NY | Thu Apr 20 - Fri Apr 21, 2017


Please note that early bird discounts do not apply to Hosted courses.

Health Care Security Essentials

The targeting and theft of sensitive health information continues to challenge covered entities and business associates alike. Increased regulation combined with a dynamic threat landscape requires today's health care leader to have a clear understanding of relevant legislation and how to measurably defend patient data and related systems.

Health Care Security Essentials is designed to provide attendees with an introduction to current and emerging issues in health care information security and regulatory compliance. The class provides a foundational set of skills and knowledge for students through the integration of case studies, hands-on labs, and defensible control considerations for securing and monitoring electronic protected health information ("ePHI"). In this class, students will learn about actual attacks and incidents that have affected health care organizations and what can be done to mitigate the damage and prevent your organization from suffering a similar outcome. For compliance and audit professionals, this class details how to automate controls in support of the Health Insurance Portability and Accountability Act ("HIPAA") Security Rule and other key regulations.

Why Choose This Course?

  • The HIPAA Security Rule provides the "what" in regard to requirements with which health care organizations must comply, yet we're often asked "how can we implement safeguards that fulfill the intent of the rule?" and "what else should HCOs be doing to protect patient and hospital assets?" This course is purposefully built to provide an effective answer.
  • Health Care Security Essentials dissects the Security Rule and highlights important security controls to identify and mitigate both insider and external attacks.

If you are an information security professional working in health care, this course will provide you with practical advice for stopping even the most advanced attacks that may target the organization.

Course Syllabus

Greg Porter
Thu Apr 20th, 2017
9:00 AM - 5:00 PM


The first day of the course focuses on existing threats to health care information systems and data. We will examine 'why' and 'how' patient information is being targeted, as well as evolving trends, including, but not limited to, the commercialization of malicious software, medical identity theft, and insider threats. Day one also provides attendees with an overview of the HIPAA Security Rule and its context, with close attention paid to the rule's structure, safeguards, and the implementation specifications governing ePHI. This information will remove ambiguity and get to the point of how to defend patient data and other sensitive information. The section concludes with a discussion on security frameworks, controls, and practical countermeasures.

Hands-on exercises covered in the first day include an analysis of recent breach data, sensitive asset identification and hardening, and an introduction to data loss prevention ("DLP").

CPE/CMU Credits: 6

Greg Porter
Fri Apr 21st, 2017
9:00 AM - 5:00 PM


Day two begins with examining the risk analysis requirement of the Security Rule, 164.308(a)(1)(ii)(A), along with relevant audit findings and important considerations for developing a defensible risk management process. Physical and technical safeguards are also examined. The course then transitions to a review of electronic health records ("EHR") security, often a prized target for criminals, and EHR application assessment and hardening. Section 2 concludes by discussing the current state of medical device security and risk management processes.

Hands-on exercises covered during day two include log monitoring and analysis techniques, vulnerability assessment, asset encryption, and configuration analysis. Additional labs may be added, time permitting.

CPE/CMU Credits: 6

Additional Information

  • Ideally, student laptops should have virtualization enabled in the BIOS, and students should have administrative rights on them.
  • The laptop should have at least one available USB port.
  • All requisite software, including VMware Player/Fusion, is provided during the class.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

  • Paid by Mar 22: 1,930 USD
  • Paid after Mar 22: 2,130 USD
  • Refund Deadline: Mar 29, 2017

Venue Information

  • Kraft Kennedy
  • 630 Third Ave.
    14th Floor
    New York, NY 10017 US
  • Phone: 212-986-4700
  • Web: Kraft Kennedy

Reservation Information

Recommended hotels in the area:
157 West 47th Street
New York, NY 10036
PH: (212) 768-3700
A block of rooms has been reserved for SANS attendees at a special rate of $180 per night. Reservations must be made directly with the hotel by contacting Ginger Mahmoud (ginger@nighthotels.com or (212) 827-1911) and asking for the Community SANS rate.


212 East 42nd Street
New York, New York
PH: (212) 490-8900


109 East 42nd Street at Grand Central Terminal
New York, New York
PH: (212) 883 1234
We encourage you to check for rates online or call hotels directly.

Please check http://www.fedrooms.com for Government Per Diem availability in the area. Note, you may need to reserve your accommodations online (http://www.fedrooms.com) as these rates may not be available by contacting the hotel directly. However, if not available online, please feel free to contact the hotel directly.