The COVID-19 pandemic has overwhelmed healthcare providers around the world like never before. There has been an unprecedented increase in the number of patients, a switch to supporting existing patients ‘virtually,’ and a need to report to multiple government organizations. These changes present challenges that security and privacy professionals have never seen before – at least not to this extent and with this amount of urgency.
Healthcare organizations are bound by stringent regulatory requirements (including HIPAA) to protect patient data privacy. Most mature organizations already have strong processes and controls in place to manage and monitor access to patient data. However, with the sudden move to remote visits and changes in reporting requirements, organizations are facing a variety of unique challenges.
- Remote Access Setup: In order to comply with shelter in place guidelines and slow the spread of the pandemic among their employees and patients, healthcare organizations are suddenly faced with the need to grant remote access to large portions of their workforce. This presents many challenges from logistical (e.g., having enough IT staff to support a massive volume of requests) to security (e.g., having multi-factor authentication in place to comply with existing regulations).
- Training: A workforce that is not accustomed to the unique challenges of working remotely is more likely to use poor security hygiene, such as using insecure internet connections, weak passwords, etc.
- Critical App Exposure: Critical applications with EMR data are typically not exposed to the internet without strong security controls. This norm is being challenged by today’s remote work setup.
- Use of Personal Devices: Not every employee has a corporate issued mobile device (including laptops or smart phones). This is forcing organizations to allow employees to use personal devices to access critical systems, raising additional security concerns.
- User Monitoring: Employee activity patterns and prospective attack vectors have changed radically. Monitoring and detection controls need to be able to adapt quickly to new patterns in order to detect attacks.
Securonix Patient Data Privacy Monitoring
Securonix patient data privacy monitoring focuses on two key entities – the employees accessing the record and the patient whose record is accessed. Monitoring activity involves analyzing and correlating events across the IT infrastructure and the EMR application in order to detect any suspicious patterns.
Securonix has packaged healthcare use cases in to out-of-the-box connectors and content that healthcare organizations can deploy instantly.
Securonix ingests nearly unlimited volumes of data from a wide varitey of sources. The platform connects seamlessly to industry standard healthcare applications including, but not limited to, Epic, Cerner, Medicity, All Scripts, and Meditech.
Visualization and Use Cases
Securonix provides healthcare-specific visualizations, dashboards, and out-of-the-box reporting capabilities. The dashboards support role-based access to limit the information that a user can view based on their role. Reports are standardized for various compliance needs and can easily be customized based on organizational needs.
Sample Use Cases
Securonix monitors patient data access patterns in order to detect:
- Unauthorized access to patient data by employees
- Patient data snooping (family, co-worker, etc.)
- Unusual record access locations and multi-location access (compromised records)
- Unusual VIP record access (failed logins and download spikes)
- Terminated or dormant user accounts being used to gain access
- Accessing discharged patient records or deceased patient records
- Insider threat and ransomware anomalies
- Compliance reporting (HIPAA, HITRUST, GDPR, and other regulations)
Securonix is capable of meeting the unique needs of the healthcare industry. It leverages the latest advances in machine learning and artificial intelligence to identify threats to patient data, quickly and accurately.
Check out these other resources: