Securonix for Healthcare

Data breaches continue to be on the rise in the healthcare industry. In their 2018 Cost of a Data Breach Report, IBM and the Ponemon Institute found that healthcare data breaches cost an average of $408 per record, the highest per-record cost of any industry and nearly three times higher than the overall average of $148 per record.

Cyberattacks are the source of more than half of the data breaches in the healthcare industry. The goals behind these cyberattacks range from economic espionage to geopolitical or corporate espionage. The cyberattacks themselves employ ransomware to shut down operations by targeting vulnerable medical devices. The remainder of the breaches tend to be the result of insider threats – including employee negligence, third-party attacks, or lost or stolen devices.

Irrespective of the cause of the breach, the concern is that existing tools deployed by healthcare organizations are not effective in detecting the breaches in time to prevent losses.

The Challenges of Using Legacy SIEM Tools in Healthcare

  • Most security monitoring solutions do not have the ability to integrate with and consume electronic medical records (EMR) in a usable format.
  • As a result, these solutions have limited out-of-the-box content. This leaves the bulk of threat detection engineering to the security operations teams, which are already stretched thin.
  • Legacy security monitoring tools do not account for the need to protect patient data privacy required by regulations such as HIPAA, HITRUST, and GDPR. This can be a big hurdle to collecting EMR events in such tools.
  • Legacy security monitoring tools use rule-based security event monitoring methods that can be marginally effective at meeting basic compliance needs, but do not protect patient data from insider threats, advanced persistent threats, or targeted cyberattacks.

The Securonix Approach to Security Monitoring for Healthcare


Securonix comes with out-of-the-box integrations with EMR applications, security and network devices, and identity stores. This allows you to collect healthcare security events and enrich them with contextual information to produce meaningful insights. Employee information is enriched with identity context such as manager, department, and division. Securonix also enriches patient information with identity context such as patient name, type, and classification (for example, whether they are a VIP patient).

Enriched events are analyzed using machine learning algorithms to baseline normal trends and identify anomalous behavior. Securonix then combines related anomalies into threat chains in order to prioritize the highest risk events.

Securonix provides the ability to search, investigate, and respond to threats, all from a single pane of glass. The solution provides out-of-the-box and ad hoc reporting capabilities to meet the reporting and compliance needs for HIPAA, HITRUST, GDPR, and other industry regulations.

Healthcare companies need a SIEM that is uniquely capable of meeting the needs of the healthcare industry.

Integration with EMR Applications

One of the main requirements for security monitoring in healthcare is the ability to integrate with EMR applications. Securonix has out-of-the-box integrations with all major EMR applications, so it can collect, enrich, and analyze EMR events in real time to detect advanced threats.


Top Use Cases

Insider Threats – Detect patient data snooping attempts from internal users.

Privilege Misuse – Detect unauthorized access to sensitive patient information.

Ransomware Attacks – Detect activity by users or systems indicative of a ransomware attack.

Phishing Attempts – Analyze unusual email and network traffic to detect targeted phishing campaigns.

VIP Data Snooping – Detect unusual access to VIP patient records.

Break-the-Glass – Detect break-the-glass anomalies in EPIC.


Data Insights and Compliance Reporting

Proactively monitoring for and detecting threats to patient health data is important. Equally important is maintaining dashboards and reports to ensure compliance with HIPAA, HITRUST, GDPR, and other privacy regulations.

Securonix provides hundreds of built-in dashboards and reports to give you a snapshot of your risk posture and meet compliance requirements.

Maintaining Patient Data Confidentiality

Monitoring EMR applications is critical to detecting suspicious activity that may lead to data compromise. However, EMR records contain patient data, so it is important to maintain the confidentiality of this data while enabling security monitoring. Most traditional SIEMs do not provide a solution to this problem, requiring organizations to intermingle sensitive patient data with other IT data and risking compliance violations.

Securonix addresses this concern by providing privacy capabilities that maintain the confidentiality of sensitive data. These capabilities include:

  • Data anonymization (i.e. masking)
  • Role-based access control
  • Data filtering or erasure, which is a GDPR requirement
  • A complete audit trail

These privacy capabilities not only meet industry-standard requirements for regulations such as HIPAA, GDPR, and others, but have also been approved by customer works councils across EMEA and APAC.

