Healthcare Case Study:
Threat & Risk Monitoring for Clinical Systems

Regional Healthcare Provider


Our client is one of the largest faith-based, nonprofit healthcare delivery systems in the United States, with over 21,000 employees and 25 hospitals. The Provider also offers a wide variety of healthcare services through over 5,000 physicians and 18 outpatient facilities and branches.


The client uses a variety of clinical and administrative healthcare applications across its diverse network of hospitals and clinics, among them Epic, Cerner, Medicity HIE, and AllScripts. Maintaining the privacy and integrity of customer/patient data across this diverse and distributed set of applications is mission critical for the customer. To accomplish this, the client deployed an application monitoring solution that uses policies, or “signature-based” detection techniques, to detect known bad behavior. Although the solution met key compliance needs, it failed to distinguish true data misuse and theft from legitimate use, while carrying a high management cost and generating too many false positives to handle effectively.


Faced with an existing solution that was unable to detect real threats against their data, the client chose Securonix to help remove the noise and to give them the detection and monitoring capabilities they needed. The Securonix platform is set up to automatically monitor the applications for abnormal usage indicating known and unknown threats associated with data theft, misuse and fraud. The solution is also used to automatically identify suspicious access to critical patient healthcare records.



Industry

  • Healthcare

Securonix Solutions

  • Privileged Account Security Monitoring
  • Identity & Access Intelligence
  • Application Security Intelligence

Securonix Use Cases

  • Break the Glass Monitoring
  • VIP Record Access Detection
  • Coworker Snooping Detection
  • Family Snooping Detection
  • High Privileged Accounts Monitoring
  • Deceased Record Access Detection
  • Post Discharge Access Detection

Business Impact

  • Increased patient privacy
  • Reduced risk of data compromise
  • Improved compliance
  • Operational efficiency and cost reduction

Data Sources

  • Active Directory
  • Microsoft Forefront Identity Manager
  • Peoplesoft
  • Epic
  • Cerner
  • Medicity HIE

Solution Tour

  • Break The Glass (BTG) Process Monitoring

    BTG is a workflow feature in Epic that requires a healthcare provider to state a reason for accessing a patient’s record in certain circumstances. Securonix detects Epic BTG requests, evaluates the stated reason, and generates alerts and reports.

  • Coworker Snooping Detection

    The Securonix solution monitors for unauthorized snooping on coworkers’ healthcare records. By applying advanced analytics to Epic logs, the solution automatically detects and alerts on coworker snooping incidents.

  • Family Snooping Detection

    The Securonix solution monitors for unauthorized snooping on the healthcare records of family members. By applying advanced analytical techniques, the solution automatically detects suspicious access and alerts the security team.

  • Deceased Record Access Detection

    The Securonix solution detects access to the healthcare records of deceased patients. An alert is generated for the security team to investigate whenever such records are accessed.

  • VIP Data Access Detection

    VIP medical records are flagged and continuously monitored by Securonix for any rogue access or snooping by unauthorized personnel. Any such access is immediately flagged and the security team is alerted so it can activate the client’s incident response processes before damage is done.

  • High Privileged Account Monitoring on Active Directory

    For Active Directory, the customer classifies privileged accounts for vendors, doctors, and employees with specific usage policies. Securonix provides continuous risk and compliance monitoring and reporting on these accounts. The reports enable managers to make data-driven decisions on high-risk activity and access associated with the privileged accounts.
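The access-monitoring use cases in the Solution Tour all reduce to the same pattern: join each EHR access event against reference data (care-team assignments, HR records, death and discharge dates, a VIP list) and raise a finding when an access has no clinical justification. The following added example is not Securonix code and does not reflect how the platform implements these detections; it is an illustrative Python detector over a constructed, pipe-delimited access-log format (`date|user|patient|btg_reason`) with hypothetical reference tables, showing how BTG reason evaluation, coworker, family, VIP, deceased-record and post-discharge access checks can be expressed as rules over the same event stream.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Reference data is constructed for illustration; a real deployment would pull
# it from the EHR, the HR system and the identity directory (hypothetical values).
CARE_TEAM = {"P100": {"dr.a"}, "P200": {"dr.a", "nurse.b"}, "P300": {"dr.c"}}
EMPLOYEE_PATIENT = {"P100": "nurse.b"}       # patient record that belongs to an employee
FAMILY_OF_USER = {"nurse.b": {"P500"}}       # user -> patient IDs of their relatives
DECEASED_ON = {"P200": date(2023, 3, 1)}
DISCHARGED_ON = {"P300": date(2023, 2, 10)}
VIP_PATIENTS = {"P400"}
VALID_BTG_REASONS = {"emergency", "on-call coverage", "consult"}
POST_DISCHARGE_GRACE = timedelta(days=30)    # assumed policy window after discharge


@dataclass
class AccessEvent:
    on: date
    user: str
    patient: str
    btg_reason: str = ""   # empty when the access was not a break-the-glass request


def parse_line(line):
    """Parse one constructed log line: 'YYYY-MM-DD|user|patient|btg_reason'."""
    when, user, patient, reason = line.strip().split("|", 3)
    return AccessEvent(date.fromisoformat(when), user, patient, reason)


def classify(ev):
    """Return the names of all findings raised by a single access event."""
    findings = []
    # BTG: a justification was supplied but is not one the policy accepts.
    if ev.btg_reason and ev.btg_reason.lower() not in VALID_BTG_REASONS:
        findings.append("btg_weak_reason")
    # A treating clinician on the patient's care team has a legitimate reason to look.
    if ev.user in CARE_TEAM.get(ev.patient, set()):
        return findings
    # Record belongs to a coworker other than the accessing user.
    if EMPLOYEE_PATIENT.get(ev.patient, ev.user) != ev.user:
        findings.append("coworker_snooping")
    # Record belongs to a relative of the accessing user.
    if ev.patient in FAMILY_OF_USER.get(ev.user, set()):
        findings.append("family_snooping")
    # Flagged VIP record touched by someone outside the care team.
    if ev.patient in VIP_PATIENTS:
        findings.append("vip_access")
    # Access after the recorded date of death.
    died = DECEASED_ON.get(ev.patient)
    if died and ev.on > died:
        findings.append("deceased_record_access")
    # Access well after discharge, by someone who was never on the care team.
    discharged = DISCHARGED_ON.get(ev.patient)
    if discharged and ev.on - discharged > POST_DISCHARGE_GRACE:
        findings.append("post_discharge_access")
    return findings


def run_detection(lines):
    """Run every detector over the log lines; return (user, patient, finding) alerts."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        for finding in classify(ev):
            alerts.append((ev.user, ev.patient, finding))
    return alerts


# Constructed sample log; every line carries all four fields.
SAMPLE_LOG = [
    "2023-03-05|dr.a|P100|",            # care-team member: no finding
    "2023-03-05|dr.c|P100|",            # P100 is nurse.b's own record
    "2023-03-10|dr.c|P200|",            # P200 died on 2023-03-01
    "2023-04-01|nurse.b|P300|",         # P300 discharged 50 days earlier
    "2023-03-05|dr.c|P400|emergency",   # VIP record, valid BTG reason
    "2023-03-05|nurse.b|P500|curious",  # relative's record, weak BTG reason
    "2023-03-05|nurse.b|P200|",         # on care team even though patient is deceased
]

if __name__ == "__main__":
    for user, patient, finding in run_detection(SAMPLE_LOG):
        print(f"{user:8} {patient:5} {finding}")
```

The care-team check runs before the snooping rules so that ordinary clinical access never produces noise, which is the false-positive problem the narrative describes; the BTG reason check runs before it because a weak justification is worth reviewing even from a legitimate user. In practice each rule would also carry a risk score and feed a per-user baseline rather than firing as a binary alert.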