Data security in healthcare is of immense importance due to the sensitive nature of the data involved and the increasing frequency of cyberattacks targeting the healthcare industry. Healthcare organizations hold vast amounts of protected health information (PHI) and electronic health records (EHR), including medical histories, treatment plans, and billing details, making them prime targets for attackers. User and entity behavior analytics (UEBA) is a cybersecurity solution that can monitor access to sensitive data, helping hospitals achieve regulatory compliance with data protection laws, ensuring healthcare data security, and protecting patient privacy.
The healthcare industry is becoming increasingly reliant on technology to carry out various day-to-day functions, from maintaining EHR and generating test reports to utilizing online doctor-patient communication portals. While this translates into faster and more efficient medical services for patients, it also increases the attack surface for hackers looking to exploit sensitive healthcare data. Additionally, the consequences of cyberattacks in the healthcare sector could be life threatening.
While we've all heard of "health is wealth," have you ever applied this line of thought to healthcare data? In case you didn't know, a single patient's healthcare record can fetch up to $1,000 on the black market; these records fetch a high price because they contain valuable information like Social Security numbers, medications, diagnostic reports, and prescriptions issued by medical practitioners. You can view this infographic to learn six reasons why healthcare is an attractive target for cyberattacks. To learn how healthcare organizations can tackle security challenges, read this e-book.
Healthcare data security refers to the measures and protocols put in place to protect sensitive medical information, such as EHR, stored and transmitted within the healthcare industry. This includes patient records, treatment histories, diagnoses, prescriptions, and other PHI.
Healthcare data security is important because of the following reasons:
Healthcare institutions can ensure data security by investing in a SIEM solution like ManageEngine Log360, which comes equipped with UEBA capabilities. Leveraging UEBA alongside other cybersecurity measures such as encryption, access controls, and regular security audits can significantly strengthen data security in healthcare environments.
UEBA, the anomaly detection engine of SIEM solutions, employs ML algorithms and statistical models to study the behavior of users and entities. It then creates a baseline of expected activities—any deviation from this behavioral baseline will be deemed anomalous, and the user's risk score will increase accordingly.
By detecting suspicious behavior exhibited by hospital staff, including monitoring their access to sensitive healthcare data, UEBA can identify privilege abuse, insider threats, data exfiltration attempts, zero-day attacks, and advanced persistent threats. To further reduce the number of false positives and ensure that the hospital's security team can focus on genuine threats, UEBA solutions analyze behavior within the context of user roles and access levels, helping to distinguish between legitimate activities and malicious actions more accurately. Based on the risk score and the real-time alert it generates, the hospital's security team can prioritize and mitigate security incidents swiftly. A unified SIEM solution like Log360 considers factors like peer group analysis, seasonality, and user identity mapping to improve risk scoring accuracy and threat detection.
To better understand how UEBA can help healthcare organizations, let's take a look at some examples.
UEBA can cater to multiple use cases pertaining to both insider threats and external attacks. However, in healthcare, preventing the exfiltration of medical records containing protected health information, and stopping ransomware and other cyberattacks that can compromise the confidentiality, integrity, and availability of patient data are the crucial use cases UEBA addresses. Let's see how you can combat healthcare threats with UEBA using three real-life examples.
Mark Carter is a med student at the Chicago Hope Hospital in dire need of money. In desperation, he steals patient information he has been given access to by sneakily copying it to a USB device after his shift ends at 5pm. He plans to sell the exfiltrated patient data on the black market for a good price.
But wait! Chicago Hope Hospital utilizes a UEBA solution, which monitors the behavior of every entity and user that belongs to the hospital network. Carter tries to copy critical information to his device at 7pm, but the UEBA solution detects pattern and time anomalies and increases his risk score substantially.
Dr. Carter tries to exfiltrate critical data.
Despite having the necessary access permissions, his risk score is increased because his actions deviate from his usual behavior, which typically includes viewing, creating, and editing patient records only between 9am and 5pm. Thanks to UEBA, the IT security officer notices the abnormal spike in risk score, and Carter's user account permissions are immediately revoked. His hard disk is confiscated, and the hospital initiates legal actions against him.
It was a rather tiresome day for Dr. Sarah Jones, a pediatrician at Cuplin Health Systems. The moment she stepped into a restaurant for an early dinner, her laptop was stolen from the passenger seat of her car. Upon discovering the theft, she panicked; she had not signed out of the organization's online portal, where the doctors are supposed to record the details of patients they treat each day. The portal contained personally identifiable information (PII), such as names, addresses, dates of birth, and medical data of patients. The PII of numerous children could be used for malicious purposes, such as deriving unintended inferences, that is, using ML algorithms on multiple datasets collected from various sources to derive unverifiable predictions of the data subjects' preferences and behaviors. This could trigger privacy-invasive discriminatory actions against patients, like targeting them based on ethnicity or medical history.
When Dr. Jones reached out to the IT admin, she was informed that her user account had been temporarily suspended because her risk score had shot up. The hospital's UEBA solution had detected the pattern anomaly caused by multiple failed login attempts on the laptop. Once she confirmed that the device was stolen, the account was deleted and a case was filed with the local police.
At the Will Palmer Hospital in Baltimore, Dr. Tim Watson successfully completed an unconventional artificial retinal transplant surgery. As everyone rejoiced about Dr. Watson's accomplishment, Anne Wilson, system administrator, breathed a sigh of relief as she quarantined a computer on the network that fell victim to a ransomware attack targeting the medical center's IT network.
The hospital's UEBA solution identified a count anomaly: numerous files were executed on one entity, which dramatically increased that entity's risk score. The alert prompted Wilson to take corrective action that prevented a potentially debilitating ransomware attack, which indirectly contributed to the success of the surgery.
Had the attack not been detected at the right time, hundreds of computers, diagnostic equipment, and network devices that aid in surgery could have been hijacked, incapacitating the hospital's operations. Wilson was glad she chose a UEBA solution to protect her organization.
Dr. Watson, ophthalmologist, shares a light moment with Ms. Wilson, system administrator, after a successful surgery.
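The baseline-and-deviation scoring described earlier, and the time, pattern, and count anomalies in the scenarios above, can be sketched in a few lines. This is an added illustration, not code from Log360 or any other product; the weights, the three-standard-deviation threshold, the account name mcarter, the host name ws-17, and all event data are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed weights for this illustration; not values from any product.
WEIGHTS = {"time": 30, "pattern": 40, "count": 30}

def build_baseline(history):
    """Learn each user's or entity's usual hours, actions and daily event volume."""
    base = defaultdict(lambda: {"hours": set(), "actions": set(), "daily": defaultdict(int)})
    for name, ts, action in history:
        t = datetime.fromisoformat(ts)
        base[name]["hours"].add(t.hour)
        base[name]["actions"].add(action)
        base[name]["daily"][t.date()] += 1
    for b in base.values():
        counts = list(b["daily"].values())
        # Floor the deviation so a perfectly regular history still tolerates some variation.
        b["mean"], b["std"] = mean(counts), max(pstdev(counts), 1.0)
    return base

def score_day(baseline, name, events):
    """Return (risk_score, anomaly_types) for one day's (timestamp, action) events."""
    b = baseline[name]
    found = set()
    for ts, action in events:
        if datetime.fromisoformat(ts).hour not in b["hours"]:
            found.add("time")      # activity outside the hours seen in the baseline
        if action not in b["actions"]:
            found.add("pattern")   # an action this user or entity has never performed
    if len(events) > b["mean"] + 3 * b["std"]:
        found.add("count")         # far more events than a typical day
    return sum(WEIGHTS[a] for a in found), sorted(found)

def constructed_history(name, actions):
    """Constructed sample data: five days, one event per hour from 9am to 4pm."""
    return [(name, f"2021-03-{d:02d}T{h:02d}:15:00", actions[h % len(actions)])
            for d in range(1, 6) for h in range(9, 17)]

if __name__ == "__main__":
    baseline = build_baseline(
        constructed_history("mcarter", ["view_record", "create_record", "edit_record"])
        + constructed_history("ws-17", ["file_exec"]))
    print(score_day(baseline, "mcarter", [("2021-03-08T10:05:00", "view_record")]))
    print(score_day(baseline, "mcarter", [("2021-03-08T19:02:00", "usb_copy")]))
    burst = [(f"2021-03-08T10:{m:02d}:00", "file_exec") for m in range(40)]
    print(score_day(baseline, "ws-17", burst))
```

An in-hours record view scores zero, the 7pm USB copy raises both a time and a pattern anomaly, and the burst of file executions on the workstation raises only a count anomaly, because the action and the hour are both normal for that host.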
A UEBA-integrated SIEM solution like Log360 can help you combat the healthcare threats mentioned above and many other threats as well. Apart from helping you ensure data privacy and security, Log360 also provides SOAR capabilities to enable automated incident response, which can reduce your hospital's mean time to detect and respond to security threats drastically. To learn how else Log360 can help your healthcare organization, sign up for a personalized demo.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.