Security

Services and tools that safeguard our computing resources and data
A quick link to the HIT Security site with commonly used information and forms.

Audit
The HIT Security team offers a centralized solution to your audit needs.
HIT Security conducts reviews to ensure that Medical Center information systems are compliant with regulatory requirements.

Data Encyrption
HIT Security assists with the recovery of passwords on USB devices encrypted with DDPE.

End-User Computing
HIT performs surplusing of all Medical Center-owned computing equipment, including but not limited to PCs, laptops, tablets, and printers.

IT Security Incidents
A quick link to the Computer Incident Report.
HIT Security investigates computer virus outbreaks in UVA Health System imaged computers.
HIT Security provides Security investigations into all reported potential electronic information security incidents including misuse by authorized users, unauthorized access, computer viruses, worms, hacking, information system failure, and theft. HIT Security is responsible to investigate incidents related to PHI/PII, which include but are not limited to virus incidents and Data Loss Prevention (DLP) incidents.
HIT Security provides security investigations into reported SPAM email outbreaks from UVA Healthsystem email accounts. This includes containment of SPAM email distribution outbreaks, interviews of affected UVA email user to help identify possible causes, and follow-up with security awareness training.

IT Security Procedures & Policies
We review Medical Center policies, procedures, and standards relevant to information security.

IT Security Vulnerability Assessment
HIT Security can provide a risk assessment of Cloud based applications. This risk assessment is NIST based and thus allows for an uniform approach to reviewing Cloud solutions that may involve PHI or PII data.
HIT Security can provide a risk assessment of medical devices. This risk assessment is NIST based and thus allows for a uniform approach to reviewing medical devices that may involve PHI or PII data.
HIT Security regularly scans Medical Center assets for security vulnerabilities. You can request that we include a particular machine in our regular vulnerability scans which will produce a detailed vulnerability assessment report.
HIT Security can provide NIST based risk assessments of application systems used by UVA.
HIT Security provides detailed vulnerability scanning of new and existing web applications. After completing a scheduled scan of the application, a report will be delivered containing details about discovered vulnerabilities and recommendations for mitigating them.

Security Awareness and Training
We promote security awareness in a variety of ways.