The COVID-19 pandemic has had a tremendous ripple effect across all industries, with one of the most impacted being healthcare. Providers have had to quickly adapt to supporting patients ‘virtually’ in a secure manner, while simultaneously developing procedures to support accurate reporting to government organizations. These changes have placed added pressure on security and privacy professionals, as they struggle to keep up with urgent demand.
Mature healthcare organizations already have stringent policies and procedures in place to remain compliant with government regulatory requirements (i.e., HIPAA, HITECH Act, etc.) and protect patients’ privacy. However, with the new focus on telehealth, unprecedented patient growth, and strict regulations on reporting, the key threats healthcare security and privacy teams need to be able to detect are also evolving:
Identifying these threats and uncovering suspicious patterns or activities, however, is no easy feat. Most security monitoring solutions cannot integrate with and consume electronic medical records (EMR) in a usable format. As a result, these solutions have limited out of the box content, leaving a majority of threat detection engineering to the security operations teams, which are already overwhelmed. Legacy security tools are no longer cutting it, as they use rule-based security event monitoring methods that do not account for the need to protect patient data privacy required by regulations such as HIPAA, HITRUST, and GDPR. They also lack the ability to protect patient data from insider threats, advanced persistent threats, or targeted cyberattacks.
Successfully monitoring patient data privacy must focus on two key entities: the employees accessing records and the patients whose records are being accessed. Organizations need to be able to visualize and correlate events across these entities and throughout the IT infrastructure and EMR applications to detect suspicious patterns while adhering to reporting and compliance mandates.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
Monitoring EMR applications is crucial to detect and prevent suspicious activity that may lead to data compromise. However, this can be a cumbersome process. Given that nearly all EMR records contain patient data information, organizations must maintain the confidentiality of this data while enabling security monitoring. Unfortunately, most traditional SIEMs do not provide solutions to this problem. As a result, organizations are forced to intermix sensitive patient data with other IT data, risking compliance violations.
To achieve these goals in the near term, there are five crucial areas where healthcare security and privacy teams need to focus attention:
1. Remote Access Protocol: Like all other industries, healthcare organizations must now grant remote access to a large percentage of their workforce. As they migrate workers to remote access these organizations must address logistical challenges such as ensuring IT support can keep up with requests and implementing multi-factor authentication.
2. Security Training: Organizations must make sure that their employees are abreast of the unique challenges that accompany working remotely and associated security best practices (i.e., security hygiene, secure internet connections, strong vs. weak passwords, signs of phishing attacks, etc.)
3. Critical App Exposure: Typically, critical applications containing electronic health records are not exposed to the internet without very rigid security controls. However, with the need to share and access more information via apps, strict security is more critical than ever before.
4. Use of Personal Devices: Many organizations do not issue corporate devices to all their employees. Therefore, there is a greater security risk as workers are being permitted to use their personal devices to access critical systems.
5. User Monitoring and Detection: Identity activity patterns are vastly different as employees adapt to the new normal. As a result, prospective attack vectors have changed drastically. Monitoring and detecting new patterns of human and non-human identities must happen quickly in order to adapt to the new reality and detect attacks.
With the entire world experiencing unprecedented changes, we must learn to adapt quickly and strategically. New threat patterns will emerge, but it is crucial to remain vigilant about all activity and access occurring across IT infrastructure. Stringent regulations and ethical codes of conduct also mean that organizations need to be more vigilant about protecting patient data privacy than ever before.
The constantly evolving data landscape makes it hard to differentiate new and normal, from malicious and threatening. Healthcare organizations need to assess their security posture, ensuring that they have proper tools in place to accurately analyze and correlate events across the IT infrastructure and electronic records. Only with access to this full picture will they be able to detect any suspicious patterns and ultimately protect patient data.
Source: Hit Consultant