Securing Patient Data Privacy Using User & Entity Behavior Analytics

Healthcare organizations are aware of the extremely sensitive nature of, and consequently the importance of securing patient data. Hackers, on the other hand, are also well aware of the value of this PHI, including its monetary value. As such, they employ increasingly nefarious techniques in order to gain illegitimate access to patient health records. Hospital and insurance staff must also constantly be on the look out for negligent or malicious mishandling of patient data.

Security Challenges:

Ensuring necessary access to personal health information (PHI) while ensuring its security a major challenge. The healthcare industry – payers and providers both, are in the middle of a sea-change transition as they move to adopt electronic health records, rely on increasingly sophisticated and internet connected medical devices, and at the same time try to adhere to the requirements of the HIPAA and HiTech Acts.

Hackers, on the other hand, have become increasingly sophisticated targeting healthcare organizations. They have realized that healthcare records are worth a lot more than other forms of digital information – credit cards, SSNs etc. for example, and are using ransomware, IoT vulnerabilities, insider access, social engineering, and even bribery to attack hospitals and insurers.

The technologies many healthcare organizations employ for security are simply out of date in the light of medical technology innovation and adoption. Security teams largely rely on signature and rule based tools that are incapable of detecting sophisticated attacks. This results in a flood of alerts missed indicators, and false positives emanating from these traditional rule-based systems. Real alerts are buried in a flood of noise, and your security team spends time chasing down irrelevant items, dangerously reducing the effectiveness of the security program.

Ensuring Security and Privacy:

In the face of increasing reliance on medical software, hardware and digital data and the changing threat landscape the following key steps will help reduce the risk hospitals and insurers carry.

  • Ensure your security monitoring technologies are up to the task. Sophisticated threats slip by rule based threat detection tools because hackers develop their tools to circumvent traditional tools. Bringing in an automated machine learning and big data analytics based security detection solution will ensure that your organization is resilient to the highly dynamic attacks and “unknown unknowns” being thrown at your IT systems. This machine learning based system can adapt and detect sophisticated threats, your security team simply cannon update the rules/signatures fast enough.
  • Audit and monitor your users with UEBA. Cyber attacks today are increasingly user based. Maintain a list of users and access privileges to ensure that users are not accessing health records they should not have access to. Understanding user behavior at an individual and group level is also a key element in detecting anomalies, and hence cyber threats. Insider and user based attacks rely on granted access where the user abuses the access privileges and performs activity outside their authorized domain. These behaviors indicative of malicious intent can only be picked up with a user and entity behavior analytics (UEBA) solution.
  • Maintain well-defined incident resolution processes. When a cyber attack is detected, quick analysis and mitigation is the key to reducing any impact. Threats that are allowed to go undetected and unresolved for extended periods of time result in crippling cyber incidents. By maintaining, communicating and training on the procedures in case of an attack, the healthcare organization can minimize the damage of the attack and turn the incident into a non-material event.

The Securonix solution offers a user behavior analytics based solution to help organizations automatically establish a baseline for normal patient and employee activities and identify malicious patterns. The machine learning approach reduces manual effort, helps identify real threats, and assists with HIPAA and other healthcare compliance reporting. The Securonix solution combines both security and privacy alerts to provide complete visibility into a healthcare organization risk posture.

What is User Entity and Behavior Analytics (UEBA)?
User and Entity Behavior Analytics
Five Insider Threat Profiles
Securonix for Insider Threat Detection & Response