Analysis of data inside and outside of a healthcare facility can help identify when a breach is occurring and enable the organization to take proper mitigating actions, says Ken Bradberry, chief technology officer at Xerox Commercial Healthcare.

Intrusion and detection analytics tools, can spot “broken patterns” such as a rouge user created via a compromised ID from a directory of authorized, role-based users for a specific network or application, he explains. Running the directory against an analytics rules engine could spot anomalies.

Once a suspicious pattern is found, “now I have awareness,” Bradberry says. “It could be nothing, or an ID created with malice.” The idea is to have an analytics-based program in place to give an organization a level of security decision support it doesn’t have today.

Role-based logging audits can flag activity and manage users to make sure they are not in areas they don’t need to be in. And it isn’t just electronic health records systems that should be audited; middleware and application-level audits also should be done to offer more insightful monitoring.

Interfaces to the ADT system, a modem or a fax interface could have a security hole, Bradberry cautions. For instance, a hacker may find the EHR to be hardened, but no one at the organization has noticed a port open or a bug in the interface of an ancillary system. “We’re talking about the entire HIT environment that contributes to data sharing.”

Conducting analytics against various applications and devices--all of which aggregate data--can help an organization set patterns and baselines of safe and normal activity, and then decide how to react when specific sets of abnormal activities are detected. There are tools available to analyze data relationships and structures, and to apply security analytics to them. “This can really change the way we secure data and educate administrators,” Bradberry says.

And education is important because when breaches occur, top administrators tend to want to get things back to normal as soon as possible, he adds. But they need to see the incident as a learning opportunity. If the focus is to get systems back up, send out notification letters and quickly return to normalcy, an organization will miss opportunities to evolve security monitoring management. “You need to know why a breach happened and be proactive.”

Highway cameras are very helpful in reconstructing accidents, Bradberry notes. Investigators can correlate where specific vehicles were and their speed, as well as where occupants were in the vehicles before the crash, “to correlate and understand things you never understood before.” And the same thing can be done with data security analytics--to piece together what was happening right before the incident. “All this data leaves trails and gets cached and available someplace.”

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access