SAN JOSE, CA--(Marketwire - July 30, 2008) - Expanding on the success of its Payment Card
Industry (PCI) for Retail Solution, Cisco (
NASDAQ:
CSCO) today introduced
its first validated architecture to address PCI compliance in healthcare
settings. Specifically, the PCI Data Security Standard is providing
healthcare organizations with a prescriptive model for how to safeguard
patient financial transaction data and other personally identifiable
information that is captured and processed within a healthcare facility or
settings such as retail pharmacies.
The PCI for Healthcare Solution offers comprehensive design and
implementation guidance to protect credit card, sensitive patient
demographic, and employee information. Cisco's PCI solutions for
healthcare and retail offer a holistic approach to specific data security
challenges. Cisco also announces its membership in the PCI Security
Standards Council to help shape future data security policy.
"Survey data tells us that healthcare consumers are just as concerned that
their identity may be stolen or abused as they are that private information
will be released," noted Frances Dare, director, Cisco Internet Business
Solution Group (IBSG) healthcare practice. "The PCI standards help a wide
range of healthcare organizations protect essential patient demographic and
financial information in addition to the tremendous work by hospitals and
others to protect personal clinical data," Dare said.
Security Solutions for Healthcare
External data security related attacks on the healthcare industry have
increased 85% between January 2007 and January 2008(1). One challenge is
that one in four healthcare executives does not know where their sensitive
data is located(2). Also, many organizations do not have a security
framework in place to provide optimal protection.
The prescriptive nature of Cisco's PCI for Healthcare solution strengthens
the Cisco Medical Grade Network design architecture by establishing a model
to secure sensitive data while at-rest and in-motion. It also offers
broader enterprise policy direction on how healthcare organizations should
protect critical assets such as patient medical and financial information.
Beyond the new PCI standards for healthcare, data security is an increasing
area of focus for both health organizations and Cisco. Both Cisco's Unified
Wireless Networks and Ironport email security appliances have received
endorsement from the American Hospital Association.
"The privacy of patient information is foundational to the healthcare
industry," said John Halamka, MD, CIO of Harvard Medical School and CIO of
CareGroup Health System. "The new PCI security standards are important
additions to the larger data security picture for health organizations,"
noted Dr. Halamka, who also serves as chairman of the Health Information
Technology Standards Panel. "In addition to these standards, legislation
currently moving in Congress signals other security requirements that may
soon affect healthcare. This is an important time for healthcare leaders
to strengthen their security policies, practices and technologies."
PCI Solution for Retail
Protecting customer credit card information has been at the forefront of
retailers' minds for several years. Data theft is also moving downstream
from large retail organizations to include regional chain store
establishments.
Announced at the National Retail Federation show in January, Cisco's PCI
Solution for Retail is a set of PCI reference architectures designed to
help retailers manage the complexities associated with the PCI Data
Security Standard. The solution includes design recommendations for
securing remote environments such as retail stores, e-commerce sites and
data centers. The Cisco PCI Solution for Retail has been tested and
deployed in Cisco's labs and validated for both the wired and wireless
environment by outside PCI auditor (QSA) Verizon Business.
"In an era of declining consumer confidence, it is more important than ever
to deliver a seamless secure payment experience to our customers," said
Carrie Peters, vice president of information technology of Jones-Onslow
Electric Membership Corporation. "Cisco understands the specific challenges
retailers are facing and has helped Jones-Onslow create a comprehensive
approach to securing sensitive customer information."
Data Security Challenges for Vertical Markets
Moving forward, it is important to recognize that protecting critical
assets within an organization is an ongoing systems process rather than
simply a checklist of items to meet compliance requirements. Four key
areas to ensure that an organization's critical assets are secure include:
1. Education: Identify what the business critical data assets are and
where these assets are located.
2. Operations (Process): Safeguard critical data while "at rest" and
"in motion." Isolate access to those assets and network segments where
the assets are with a layered defense approach.
3. Regulatory and Corporate Policy Compliance: Adopt a security program
that focuses on safeguarding critical data and addresses government
and regulatory compliance requirements such as Sarbanes-Oxley, PCI,
and HIPAA.
4. Technology: Implement a solid security infrastructure and portfolio
of technologies that satisfies the education, operations and policy
steps.
Shaping the future of data security
Cisco approaches data security not only through technology but also by
influencing future policy formation to help provide intelligent counsel to
customers. By joining the PCI Data Security Standards Council, Cisco will
help to evolve this key data security standard in the months ahead.
Similarly, as a board member of the HITRUST Alliance, Cisco can help drive
security best practices learned over the years to benefit healthcare
organizations. Cisco actively participates in public policy discussions and
Congressional hearings about data security advancements and will continue
to play a role moving into the fall legislative season.
IPTV Roundtable
On July 30, 2008, Cisco and two information/security executives from the
retail and healthcare industries will host a live, interactive Internet TV
broadcast about the threats, challenges and approach to achieving PCI
compliance and data security.
Who:
-- John Halamka, MD, CIO of Harvard Medical School and CIO, CareGroup
Health System
-- Carrie Peters, vice president of information technology, Jones-Onslow
Electric Membership Corporation
-- Ed Jimenez, director of vertical market solutions, Cisco
-- Frances Dare, director, healthcare practice, Cisco Internet Business
Solutions Group (IBSG)
-- Host: Terri Quinn-Andry, senior manager of PCI solutions, Cisco
When: Wednesday, July 30, 2008, 8:00 - 9:00 a.m. PST
Where: The broadcast can be accessed at the following URL:
http://tools.cisco.com/cmn/jsp/index.jsp?id=76478
Attendees should go to this URL on July 30 at 8:00 a.m. PST and select
"Play" to launch the live presentation.
About Cisco
Cisco (
NASDAQ:
CSCO) is the worldwide leader in networking that transforms
how people connect, communicate and collaborate. Information about Cisco
can be found at
http://www.cisco.com. For ongoing news, please go to
http://newsroom.cisco.com.
Cisco, the Cisco logo and Cisco Systems are registered trademarks or
trademarks of Cisco Systems, Inc. and/or its affiliates in the United
States and certain other countries. All other trademarks mentioned in
this document are the property of their respective owners. The use of the
word partner does not imply a partnership relationship between Cisco and
any other company. This document is Cisco Public Information.
(1) Secure Works, Data Security Study
(2) Secure Works, Data Security Study
For direct RSS Feeds of all Cisco news, please visit "News@Cisco" at the
following link:
http://newsroom.cisco.com/dlls/rss.html
Contact Information: Media Relations:
Christopher Barker
Cisco Systems, Inc.
206 679-8151
chrbarke@cisco.com
Industry Analyst Relations:
Laura Irwin
Cisco Systems, Inc.
408 853-8876
lirwin@cisco.com
Investor Relations:
Marilyn Mora
Cisco Systems, Inc.
408 527-7452
marilmor@cisco.com