Securonix for Healthcare

Data breaches are a major problem for healthcare cybersecurity. In their 2018 Cost of a Data Breach Report, IBM and the Ponemon Institute found that healthcare data breaches cost an average of $408 per record, the highest per-record cost of any industry and nearly three times higher than the overall average of $148 per record.

Cyberattacks are the source of more than half of the data breaches in the healthcare industry. The goals behind these cyberattacks range from economic espionage to geopolitical or corporate espionage. The cyberattacks themselves employ ransomware to shut down operations by targeting vulnerable medical devices. The remainder of the breaches tend to be the result of insider threats – including employee negligence, third-party attacks, or lost or stolen devices.

Irrespective of the cause of the breach, the concern is that existing tools deployed by healthcare organizations are not effective in detecting the breaches in time to prevent losses.

The Challenges of Using Legacy SIEM Tools for Healthcare Cybersecurity

  • Most security monitoring solutions do not have the ability to integrate with and consume electronic medical records (EMR) in a usable format.
  • As a result, these solutions have limited out-of-the-box content. This leaves the bulk of threat detection engineering to the security operations teams, which are already stretched thin.
  • Legacy security monitoring tools do not account for the need to protect patient data privacy required by regulations such as HIPAA, HITRUST, and GDPR. This can be a big hurdle to collecting EMR events in such tools.
  • Legacy security monitoring tools use rule-based security event monitoring methods that can be marginally effective at meeting basic compliance needs, but do not protect patient data from insider threats, advanced persistent threats, or targeted cyberattacks.

The Securonix Approach to Security Monitoring for Healthcare Cybersecurity

Securonix comes with out-of-the-box integrations with EMR applications, security and network devices, and identity stores. This allows you to collect healthcare security events and enrich them with contextual information in order to produce meaningful insights. Employee information is enriched with identity context such as manager, department, and division. Securonix also enriches patient information with identity context such as patient name, type, and classification (for example, whether they are a VIP patient).

Enriched events are analyzed using machine learning algorithms to baseline normal trends and identify anomalous behavior. Securonix then combines related anomalies into threat chains in order to prioritize the highest risk events.

Securonix provides the ability to search, investigate, and respond to threats, all from a single pane of glass. The solution provides out of the box and ad-hoc reporting capabilities to meet the reporting and compliance needs for HIPAA, HITRUST, GDPR, and other industry regulations.

Securonix is HITRUST CSF certified. HITRUST CSF is the industry-wide standard required by healthcare providers and insurance plans. This achievement puts Securonix at the forefront of compliance for a SIEM solution that is cloud based, healthcare ready, and available as a service.

Healthcare companies need a SIEM that is uniquely capable of meeting the security needs of the healthcare industry.

Integration with EMR Applications

One of the main requirements for security monitoring in healthcare is the ability to integrate with EMR applications. Securonix has out-of-the-box integrations with all major EMR applications, so it can collect, enrich, and analyze EMR events in real time to detect advanced threats.

Top Healthcare Cybersecurity Use Cases

Insider Threats – Detect patient data snooping attempts from internal users.

Privilege Misuse – Detect unauthorized access to sensitive patient information.

Ransomware Attacks – Detect activity by users or systems indicative of a ransomware attack.

Phishing Attempts – Analyze unusual email and network traffic to detect targeted phishing campaigns.

VIP Data Snooping – Detect unusual access to VIP patient records.

Break-the-Glass – Detect break-the-glass anomalies in EPIC.

Data Insights and Compliance Reporting

Proactively monitoring for and detecting threats to patient health data is important. Equally important is maintaining dashboards and reports to ensure compliance with HIPAA, HITRUST, GDPR, and other privacy regulations.

Securonix provides hundreds of built-in dashboards and reports to provide you a snapshot of your risk posture and meet compliance requirements.

Securonix is also HITRUST CSF certified. HITRUST CSF certification integrates, harmonizes, and cross-references globally recognized standards and business requirements including HIPAA, PCI, NIST, ISO, and state laws for comprehensive security controls. HITRUST provides both prescriptive requirements and a flexible framework that evolves alongside changing industry conditions.

Maintaining Patient Data Confidentiality

Monitoring EMR applications is critical to detecting suspicious activity that may lead to data compromise. However, EMR records contain patient data, so it is important to maintain the confidentiality of this data while enabling security monitoring. Most traditional SIEMs do not provide a solution to this problem, requiring organizations to intermingle sensitive patient data with other IT data and risking compliance violations.

Securonix addresses this concern by providing privacy capabilities that maintain the confidentiality of sensitive data. These capabilities include:

  • Data anonymization (i.e. masking)
  • Role-based access control
  • Data filtering or erasure, which is a GDPR requirement
  • A complete audit trail

These privacy capabilities not only meet industry standard requirements for regulations such as HIPAA, GDPR, and others, but have also been approved by customer work councils across EMEA and APAC.
