How access monitoring protects providers from health data breaches


With an average healthcare organization going through more than 2.5 million EMR accesses per day, it can be difficult for an organization to ensure that these accesses are secure, that all important data is secure, and that industry specific compliance is achieved. It’s a lot to follow, and it’s incredibly important. One strategy that works for the sheer volume of access and falls under compliance regulations is access monitoring.

What is access monitoring?

Access monitoring is the act of proactively or reactively observing and analyzing what happened while a user was logged in. A session is defined as a single event during which a user has exercised their access rights, or the period during which a user has been “logged in” to an asset, presumably performing work.

The security camera is watching the bank employees access the safe. Or the footage seen by the police after a bank robbery. In short, access monitoring is the process of double checking to ensure that an organization’s access policy and controls are working as they should.

Access monitoring has many components, and the combination of different components is the best way to protect DME and other sensitive data. It’s impossible to monitor every hit, but a robust sample size should give some insight into what’s going on in your organization’s system.

Proactive monitoring is the observation or analysis of a session without a predefined reason for review. This type of monitoring is often done in real time, or as close as possible to a wide range of sessions. Think of the security guard watching a real-time CCTV video on a property. This type of monitoring is a real-time, multi-angle perspective that provides a broad and comprehensive view of what is going on in a system.

Responsive monitoring is the observation or analysis after a session for a specific reason. Reactive monitoring requires systems and tools to be put in place to record sessions. It is typically applied to a single session or a small subset of sessions and is most often used as part of an incident investigation. Think of the police looking at security camera footage of a bank room after a robbery. It’s after the fact, and very focused in what the surveillance monitors.

Observation is the passive collection or examination of session information. Observation is required for analysis (see below) but not the other way around. Strong access monitoring does not exist without observation, which can take forms such as video recording of a session, text-based auditing, or session data collection.

To analyse is the interrogation of the information or data collected. It can be used in both proactive and reactive use cases. Once the observation is complete, an analysis of a given session or data can take place.

Why Access Monitoring Is Critical To Keeping Your Healthcare Organization Secure

Healthcare organizations are ideal targets for external hackers or insider threats. It’s a treasure trove of valuable information – patent data brings in $ 250 per black market record – and the serious consequences of a violation mean an organization is more likely to pay a ransom, quickly, in the event from a ransomware attack. Not to mention the sheer volume of access points, both from internal users and from third parties, that leave an organization vulnerable to attack.

While having fine-grained access controls in place can work in some situations, healthcare providers need quick access to do their jobs, so monitoring proactively or retroactively is better than monitoring them. stop in the moment. No one can wait for approval or have only a limited number of connections per day or other access control measures in place when those accesses add up to millions. If a doctor needs approval from an IT department before accessing a patient’s allergy EMR record before administering a drug, the result could be fatal.

Additionally, the number of internal users in a healthcare organization (nurses, doctors, technicians, billing, etc.) leaves a system open to insider threats. Simply adding a layer of control over access would not mitigate this threat, as those users should have access. It’s what they do with that access that is the risk. What assets do they access and why?

But safety isn’t the only piece of the puzzle. Healthcare organizations must comply with various regulations (eg, HIPAA) and must be able to show an explanation for each access to compliance officers, along with their access control and monitoring plans. Implementing access monitoring allows these organizations not only to develop a security-focused plan, but also to track each access to stay HIPAA compliant, saving time and money.

Best practices and software solutions

Access monitoring goes far beyond simply keeping a log of what users have accessed. Best practices include:

  • Complete the analysis by observation
  • Use proactive observation only when needed
  • Implement proactive monitoring for high-risk, high-frequency access points, such as when accessing patient records.

By using proactive analysis of session data, instances of anomalies, threats or abuse can be quickly identified. Additionally, subsequent reactive observation can confirm or refute suspicions and provide more critical context for an investigation.

Manual monitoring can be tedious and, depending on the organization, nearly impossible. There are a variety of access control monitoring software solutions on the market that add ease and efficiency to the process, allowing an organization to monitor what matters most without wasting time or risking compliance. If access controls are in place, access monitoring software can also often detect any violation of these controls. Investing in preventative measures now is the best way to avoid a costly cyber attack in the future.

This article originally appeared in Health IT Security.

The article How access monitoring protects providers from health data breaches first appeared on SecureLink.

*** This is a Syndicated Security Bloggers Network blog from SecureLink, written by Isa Jones. Read the original post at:


Comments are closed.