Security

Services and tools that safeguard our computing resources and data

: An Introduction to HIT Security

A quick link to the HIT Security site with commonly used information and forms.
Audit: Auditor of Public Accounts (APA) Audits

The HIT Security team offers a centralized solution to your audit needs.; HIT Security Quality Assurance Reviews

HIT Security conducts reviews to ensure that Medical Center information systems are compliant with regulatory requirements.
Data Encyrption: Dell Data Protection Encryption (DDPE) USB device password reset

HIT Security assists with the recovery of passwords on USB devices encrypted with DDPE.
End-User Computing: Surplus of Computer Equipment

HIT performs surplusing of all Medical Center-owned computing equipment, including but not limited to PCs, laptops, tablets, and printers.
IT Security Incidents: Computer Security Incidents: Report an Incident

A quick link to the Computer Incident Report.; Computer Virus Investigation

HIT Security investigates computer virus outbreaks in UVA Health System imaged computers.; Data Loss Prevention, Investigations, Remediation and Reporting

HIT Security provides Security investigations into all reported potential electronic information security incidents including misuse by authorized users, unauthorized access, computer viruses, worms, hacking, information system failure, and theft. HIT Security is responsible to investigate incidents related to PHI/PII, which include but are not limited to virus incidents and Data Loss Prevention (DLP) incidents.; Spam Outbreak Investigation and Assistance

HIT Security provides security investigations into reported SPAM email outbreaks from UVA Healthsystem email accounts. This includes containment of SPAM email distribution outbreaks, interviews of affected UVA email user to help identify possible causes, and follow-up with security awareness training.
IT Security Procedures & Policies: Procedures, Standards, and Policies

We review Medical Center policies, procedures, and standards relevant to information security.
IT Security Vulnerability Assessment: Cloud Risk Assessment

HIT Security can provide a risk assessment of Cloud based applications. This risk assessment is NIST based and thus allows for an uniform approach to reviewing Cloud solutions that may involve PHI or PII data.; Medical Device Risk Assessment

HIT Security can provide a risk assessment of medical devices. This risk assessment is NIST based and thus allows for a uniform approach to reviewing medical devices that may involve PHI or PII data.; Network-Based Scanning

HIT Security regularly scans Medical Center assets for security vulnerabilities. You can request that we include a particular machine in our regular vulnerability scans which will produce a detailed vulnerability assessment report.; NIST Based Risk Assessment

HIT Security can provide NIST based risk assessments of application systems used by UVA.; Web Application Vulnerability Scanning

HIT Security provides detailed vulnerability scanning of new and existing web applications. After completing a scheduled scan of the application, a report will be delivered containing details about discovered vulnerabilities and recommendations for mitigating them.
Security Awareness and Training: Security Awareness and Training

We promote security awareness in a variety of ways.