Data breaches are a major problem for healthcare cybersecurity. In their 2018 Cost of a Data Breach Report, IBM and the Ponemon Institute found that healthcare data breaches cost an average of $408 per record, the highest per-record cost of any industry and nearly three times the overall average of $148 per record.
Cyberattacks are the source of more than half of the data breaches in the healthcare industry. The motives behind these cyberattacks range from economic espionage to geopolitical or corporate espionage. The attacks themselves employ ransomware to shut down operations by targeting vulnerable medical devices. The remainder of the breaches tend to be the result of insider threats, including employee negligence, third-party attacks, and lost or stolen devices.
Irrespective of the cause of the breach, the concern is that the tools healthcare organizations have deployed today are not effective at detecting breaches in time to prevent losses.
The Challenges of Using Legacy SIEM Tools for Healthcare Cybersecurity
Most security monitoring solutions cannot integrate with and consume electronic medical records (EMR) in a usable format.
As a result, these solutions ship with limited out-of-the-box content. This leaves the bulk of threat detection engineering to security operations teams that are already stretched thin.
Legacy security monitoring tools do not account for the patient data privacy protections required by regulations such as HIPAA, HITRUST, and GDPR. This can be a big hurdle to collecting EMR events in such tools.
Legacy security monitoring tools rely on rule-based security event monitoring, which can be marginally effective at meeting basic compliance needs but does not protect patient data from insider threats, advanced persistent threats, or targeted cyberattacks.
The Securonix Approach to Healthcare Security Monitoring
Securonix integrates with EMR applications, network security devices, and identity stores, allowing you to collect healthcare security events and enrich them with rich contextual information in order to produce meaningful insights.
Integration with EMR Applications
One of the main requirements for security monitoring in healthcare is the ability to integrate with EMR applications. Securonix has out-of-the-box integrations with all major EMR applications, so it can collect, enrich, and analyze EMR events in real time to detect advanced threats.
Data Insights and Compliance Reporting
Proactively monitoring for and detecting threats to patient health data is important. Equally important is maintaining dashboards and reports to demonstrate compliance with HIPAA, HITRUST, GDPR, and other privacy regulations.
Securonix provides hundreds of built-in dashboards and reports that give you a snapshot of your risk posture and help you meet compliance requirements.
Securonix is also HITRUST CSF certified. HITRUST CSF certification integrates, harmonizes, and cross-references globally recognized standards and business requirements including HIPAA, PCI, NIST, ISO, and state laws for comprehensive security controls. HITRUST provides both prescriptive requirements and a flexible framework that evolves alongside changing industry conditions.
Maintaining Patient Data Confidentiality
Monitoring EMR applications is critical to detecting suspicious activity that may lead to data compromise. However, EMR records contain patient data, so it is important to maintain the confidentiality of this data while still enabling security monitoring. Most traditional SIEMs do not provide a solution to this problem, requiring organizations to intermingle sensitive patient data with other IT data and risk compliance violations.
Securonix addresses this concern by providing privacy capabilities that maintain the confidentiality of sensitive data. These capabilities include:
- Data anonymization (i.e., masking)
- Role-based access control
- Data filtering or erasure, which is a GDPR requirement
- A complete audit trail
These privacy capabilities not only meet industry-standard requirements for regulations such as HIPAA, GDPR, and others, but have also been approved by customer works councils across EMEA and APAC.
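As an added illustration that is not Securonix code, the following Python sketch shows one way the masking, filtering, and audit-trail capabilities listed above can be applied to an EMR access event before it reaches a SIEM: direct identifiers are dropped, the medical record number is replaced by a keyed pseudonym so analytics can still correlate access to the same record, and each transformation is recorded. The field names, sample events, and key are constructed assumptions, not a real EMR schema.

```python
import hashlib
import hmac

# Constructed sample EMR access events (fictional patient, user and workstation).
SAMPLE_EVENTS = [
    {"ts": "2024-01-15T10:32:07Z", "user": "nurse_jdoe", "action": "VIEW_CHART",
     "patient_id": "MRN-00482913", "patient_name": "Jane Example",
     "dob": "1975-03-02", "workstation": "ICU-WS-07"},
    {"ts": "2024-01-15T10:41:55Z", "user": "nurse_jdoe", "action": "EXPORT_CHART",
     "patient_id": "MRN-00482913", "patient_name": "Jane Example",
     "dob": "1975-03-02", "workstation": "ICU-WS-07"},
]

# Identifiers kept as a keyed pseudonym: the same patient always yields the same
# token, so behaviour analytics can still count distinct records a user touched.
PSEUDONYMIZE = {"patient_id"}
# Direct identifiers with no monitoring value are filtered out before storage.
DROP = {"patient_name", "dob"}


def pseudonymize(value: str, key: bytes) -> str:
    """HMAC-SHA256 token; not reversible without the key (assumed to live in a KMS)."""
    return "PSN-" + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def mask_event(event: dict, key: bytes) -> tuple[dict, dict]:
    """Return (masked event for the SIEM, audit record of what was transformed)."""
    masked = {}
    for field, value in event.items():
        if field in DROP:
            continue
        masked[field] = pseudonymize(value, key) if field in PSEUDONYMIZE else value
    audit = {"ts": event["ts"], "user": event["user"],
             "dropped": sorted(DROP & set(event)),
             "pseudonymized": sorted(PSEUDONYMIZE & set(event))}
    return masked, audit


def distinct_patients_touched(events: list, key: bytes) -> dict:
    """Count distinct pseudonymous patient records per user, using masked data only."""
    seen = {}
    for ev in events:
        masked, _ = mask_event(ev, key)
        seen.setdefault(masked["user"], set()).add(masked["patient_id"])
    return {user: len(ids) for user, ids in seen.items()}


if __name__ == "__main__":
    key = b"demo-key-rotate-me"  # placeholder; a real key belongs in a KMS/HSM
    for ev in SAMPLE_EVENTS:
        print(mask_event(ev, key))
    print(distinct_patients_touched(SAMPLE_EVENTS, key))
```

Rotating or destroying the key makes existing tokens unlinkable to the original record numbers, which is one way to support an erasure request without rewriting stored events.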