Published on June 3, 2019
Healthcare organizations are aware of how sensitive patient data is and, consequently, how important it is to protect it. Due to the value of personal health information (PHI), healthcare organizations are under attack from both external and internal threats. External attackers, drawn by the monetary value of PHI, employ increasingly sophisticated techniques to gain illegitimate access to patient health records. Organizations also face stiff regulatory pressure that penalizes the negligent or malicious mishandling of patient data.
The Challenge: Ensuring Access to PHI While Securing It
The healthcare industry is continuously evolving, which makes securing its infrastructure an ongoing challenge. Developments include:
- Adopting the use of electronic health records
- Relying on increasingly sophisticated and internet-connected medical devices
- Adhering to complex regulatory requirements including, but not limited to, HIPAA and HITECH
Attackers, on the other hand, have started using increasingly sophisticated techniques to target healthcare organizations. They have realized that healthcare records are worth a lot of money on the black market. Common techniques include:
- Internet of things (IoT) vulnerabilities
- Malicious insiders, including bribing employees
- Social engineering through social media or phishing attacks
The technologies many healthcare organizations employ for security are out of date and cannot cope with innovations in medical technology. Existing signature- and rule-based security information and event management (SIEM) tools are incapable of detecting sophisticated attacks. They produce a torrent of alerts, missed indicators, and false positives that drowns your security team in a flood of noise. Real alerts are buried, and your security team spends its time chasing down irrelevant items, dangerously reducing the effectiveness of your security program.
The Solution: Ensuring Security and Privacy Using Next-Gen SIEM
In the face of healthcare’s increasing reliance on medical software, hardware, and digital data, as well as the changing threat landscape, the following key attributes of a next-gen SIEM will help reduce the risk.
- Leverage machine learning and artificial intelligence techniques. It is easy for attackers to use common techniques to circumvent rule- or signature-based legacy SIEM solutions. Using an automated next-gen SIEM solution based on machine learning and big data analytics will ensure that your organization can stop unknown threats. A machine learning-based system can quickly adapt and detect sophisticated threats that rule- or signature-based systems aren’t fast enough to combat.
- Use behavioral analytics to monitor for insider threats and snooping. You can maintain a list of users and access privileges to ensure that users are not accessing health records they should not have access to. But understanding user behavior at an individual and group level is a key element in detecting anomalies that can be indicative of an insider threat. Insider threats rely on users abusing the access privileges they have been granted in order to perform activity outside their authorized domain. These malicious behaviors can be picked up using a next-gen SIEM with strong behavioral analytics.
- Maintain well-defined incident resolution processes. When a cyberattack is detected, quick analysis and mitigation are critical. Threats that go unresolved for extended periods of time result in crippling cyber incidents. By maintaining, communicating, and providing training on the procedures to perform in case of an attack, your organization can minimize the damage of an attack.
- Preserve patient data confidentiality. Monitoring EMR applications is critical to detecting suspicious activity. However, EMR records contain patient data, so it is important to maintain its confidentiality. Legacy SIEMs require organizations to intermingle sensitive patient data with other IT data and risk compliance information. A next-gen SIEM solution provides capabilities that maintain the confidentiality of sensitive data, such as data anonymization (i.e., masking), role-based access control, data filtering or erasure, and a complete audit trail.
- Simplify compliance reporting. Healthcare organizations are subject to many industry regulations. Next-gen SIEM solutions provide out-of-the-box and ad hoc reporting capabilities to meet the reporting and compliance needs for HIPAA, HITRUST, GDPR, and other industry regulations.
Securonix provides the ability to search, investigate, and respond to threats, all from a single pane of glass. Securonix Next-Gen SIEM comes with out-of-the-box integrations with EMR applications, security and network devices, and identity stores. This allows you to collect and enrich healthcare security events with rich contextual information to produce meaningful insights. Enriched events are analyzed using machine learning algorithms to baseline normal trends and identify anomalous behavior. Securonix then combines related anomalies into threat chains in order to prioritize the highest-risk events.