Preventive, Proactive and Precise Healthcare Security through Data Informed Decisions

Last month, Government Health IT hosted the first of a four-part webinar series that will explore the use of analytics in various parts of healthcare operations—security, privacy, compliance, critical application services, fraud detection, optimization of patient experience and more. This Splunk-sponsored event examined how analytics are driving improved healthcare data security. I took part in the conversation to discuss how healthcare organizations address cyber risks and regulatory compliance.

You cannot address a delivery system transformation, precision health or consumer health movements, for that matter, without support from modern technology trends—digitization of healthcare processes, interoperability and data access and analysis for continuous improvements. Organizations must facilitate the exchange of health information among medical record systems, scheduling systems, billing and insurance records. Additionally, agencies must ensure compliance and security of all of these data sources.

Ref 1: The Fourth Annual Benchmark Study on Patient Privacy & Data Security sponsored by ID Experts and conducted by the Ponemon Institute, March 2014

Ref 1: The Fourth Annual Benchmark Study on Patient Privacy & Data Security sponsored by ID Experts and conducted by the Ponemon Institute, March 2014

Concurrently, today’s advanced threats are stealthier and more sophisticated than ever before. Cyber criminals, nation states and insiders threatening a healthcare organization’s system know how to evade detection from traditional point security products that look for specific threat signatures. Point blank: they are good at stealing confidential data and many of their victims end up in the headlines. A recent Mandian Trends report found that valid credentials are used to hack organizations’ systems in 100 percent of instances by stealing passwords, using keyloggers or using their own admin-level credentials. Further, the report found that hackers can remain undetected on an organization’s network for an average of 229 days. That’s over half a year!

To build an effective security and privacy incident management program, agencies should first review the landscape and knowledge within the organization and gather the relevant data in one place. In traditional legacy security analysis platforms, each incremental data source takes 3-12 months to integrate. Each audit log source looks different, and there is no standard format. Security, audit and compliance departments must converge if they are to realize the benefits of enterprise security programs. Agencies should approach all data as security relevant because the more insight you have, the more secure you’ll be. Further, having a single platform and the ability to cross-reference regulatory requirements and control objectives will help you avoid duplication of efforts.

Next, it’s important to stratify risks of your assets and users. For example, assets holding protected health information (PHI) data or the organization’s Intellectual Property (IP) may be scored at a higher risk than others. Previous security and privacy incidents should also be used in this stratification process. It is important to have the capability to dynamically update risk scores based on new information, events or threat intelligence. The same stratification should be applied to your user base, which includes vendors, customers and business partners/associates. Additionally, review your legacy access. This is a big issue in most healthcare organizations, specifically in academic medical centers where one person may have multiple appointments and contracts. In my experience, this is where attackers could exploit potential vulnerabilities.

Learning how to paddle in this rough and messy security data lake isn’t always easy. That’s why agencies should invest in a platform that can handle diverse data sets and scale to capture and search billions of events near real-time. This helps to automate the correlation of raw events, adding context and producing derived and interesting events for security teams to review. The right platform will also create on-demand compliance and privacy monitoring reports and highlight exceptions.
Organizations must define normal behavior to allow the identification of unusual activities and events. The system can then scan through log data and produce alerts for potential privacy violations, non-compliance and potential cyber threats. It should also adjust risk scores based on new and interesting threat intelligence or events. Assessing the relative change in risk scores and examining the events that contributed to these scores are critical in securing your network.

It is time healthcare organizations start being proactive instead of reactive with cyber threats and risk assessments. Splunk has risk analysis and prediction models that are helping government healthcare organizations’ IT improve performance and protect patient privacy. If you don’t have a good security practice, then patients will not be comfortable with your handling their data, and the system ends up being counterproductive.

To learn more about Splunk’s capabilities in healthcare, read our new Government Healthcare Solution Guide.

I appreciate everyone who attended and participated in our first webcast in the series. However, you can still check out the replay if you missed it. Also, mark your calendar and join us on June 23 for the next Government Health IT webcast, which will explore how big data and analytics capabilities can provide organizations with 360-degree views of their healthcare applications and IT infrastructures.

Screen Shot 2015-06-04 at 8.59.54 AM


Adrish Sannyasi
Healthcare Big Data Architect
Splunk Inc.

Adrish Sannyasi

Posted by


Join the Discussion