e-book
Five Ways to Use Security Intelligence to Pass Your
2012 is shaping up to be a busy year for auditors. Reports indicate that the Department of Health and Human Services’ Office for Civil Rights will be conducting as many as 150 HIPAA audits throughout the year. Audit targets will vary based on size, business type, and previous violations, although it is reported that the latter will be less of a focus.
Right now, we don’t know how invasive the audits will be, who will be targeted, and when exactly they will begin, but we do know that audits are coming.
Is your organization at risk? Are you prepared?
To help you make sure you’re in shape to face the auditors’ knock, here are a few tips on how to make passing a HIPAA audit much less painful by using Security Intelligence to your advantage.
Percentage of [healthcare] organizations that grade their ability to counter information security threats as poor, failing or in need of improvement
1. Log, store, and correlate events along with network activity to create a baseline
Consolidating data, storing logs, and correlating events and network activity will help you gather the baseline of data needed to show compliance. Healthcare data often resides in disparate systems across the organization. If you have only a month to prepare for a HIPAA audit, will you be ready in time? Think back to the last time you had to search logs for important information.
• How many people were involved?
• How many hours, or days, did you waste?
• If you have a small team, how did this impact your ability to address other issues?
The key to making sure you are able to prepare for an audit in a short amount of time lies in the ability to quickly and easily access your data; this is where an intelligent, automated and integrated solution like the QRadar® Security Intelligence Platform comes into play. In a recent QRadar deployment, Arkansas Children’s Hospital was able to consolidate, filter, and protect their growing silos of log data. Not only were they able to quickly deploy QRadar, the security team found that it immediately integrated with existing log-producing sources and helped them identify potential offenses in real time. Centralizing log events from sources containing critical patient information and using automated reporting functions enabled them to go beyond compliance and achieve total security intelligence.
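The following is an added example of what "log, store, and correlate to create a baseline" looks like in practice; it is not QRadar or Q1 Labs code. It consolidates two constructed, differently formatted log sources (an EMR application log and a billing-system syslog) into one timeline, counts the distinct patient records each user touched, compares that against a constructed per-user history, and flags users who exceed their baseline or access records outside working hours. The log formats, user names, IP addresses and the history figures are all assumptions made for the example.

```python
"""Consolidate log events from disparate healthcare systems into one timeline,
build a per-user baseline of patient-record accesses, and flag deviations.
Added example (not QRadar or Q1 Labs code); log formats and history are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    patient: str
    src_ip: str
    source: str  # system that produced the record


# Constructed sample: an EMR application log (key=value) and a billing-system syslog.
EMR_LOG = """\
2012-03-01T08:02:11 user=jsmith action=VIEW_RECORD patient=P1001 src=10.1.4.20
2012-03-01T08:05:43 user=jsmith action=VIEW_RECORD patient=P1002 src=10.1.4.20
2012-03-01T08:40:10 user=jsmith action=VIEW_RECORD patient=P1003 src=10.1.4.20
2012-03-01T21:50:01 user=rlee action=VIEW_RECORD patient=P2001 src=10.1.7.9
2012-03-01T21:51:17 user=rlee action=VIEW_RECORD patient=P2002 src=10.1.7.9
2012-03-01T21:52:30 user=rlee action=VIEW_RECORD patient=P2003 src=10.1.7.9
2012-03-01T21:53:45 user=rlee action=VIEW_RECORD patient=P2004 src=10.1.7.9
"""
BILLING_SYSLOG = """\
Mar  1 09:12:12 billing01 billapp[412]: jsmith opened claim for patient P1001 from 10.1.4.20
Mar  1 22:14:02 billing01 billapp[412]: rlee opened claim for patient P2005 from 10.1.7.9
Mar  1 22:15:40 billing01 billapp[412]: rlee opened claim for patient P2006 from 10.1.7.9
Mar  1 22:16:03 billing01 billapp[412]: rlee opened claim for patient P2007 from 10.1.7.9
"""
# Constructed history: distinct patient records touched per user on five prior days.
HISTORY = {"jsmith": [12, 15, 11, 14, 13], "rlee": [4, 5, 3, 5, 4]}

EMR_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=VIEW_RECORD "
                    r"patient=(?P<patient>\S+) src=(?P<ip>\S+)$")
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ billapp\[\d+\]: "
                       r"(?P<user>\S+) opened claim for patient (?P<patient>\S+) from (?P<ip>\S+)$")


def parse_emr(text):
    """Normalize EMR key=value lines into Event objects."""
    events = []
    for line in text.splitlines():
        m = EMR_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["user"],
                                m["patient"], m["ip"], "emr"))
    return events


def parse_syslog(text, year=2012):
    """Normalize billing syslog lines; syslog timestamps carry no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            stamp = " ".join(m["ts"].split())  # collapse the padded day field
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            events.append(Event(ts, m["user"], m["patient"], m["ip"], "billing"))
    return events


def consolidate(*event_lists):
    """Merge events from all sources into one timeline ordered by time."""
    return sorted((e for lst in event_lists for e in lst), key=lambda e: e.ts)


def distinct_patients_per_user(events):
    """Count distinct patient records per user across every source."""
    seen = defaultdict(set)
    for e in events:
        seen[e.user].add(e.patient)
    return {u: len(p) for u, p in seen.items()}


def flag_deviations(events, history, k=3.0, workday=(7, 19)):
    """Return {user: [reasons]} for activity that departs from the user's baseline."""
    reasons = defaultdict(list)
    for user, n in distinct_patients_per_user(events).items():
        past = history.get(user)
        if past is None:
            reasons[user].append("no baseline for user")
            continue
        threshold = mean(past) + k * pstdev(past)  # mean + k standard deviations
        if n > threshold:
            reasons[user].append(f"{n} records today vs baseline threshold {threshold:.1f}")
    for e in events:
        if not (workday[0] <= e.ts.hour < workday[1]):
            msg = f"off-hours access from {e.src_ip} ({e.source})"
            if msg not in reasons[e.user]:
                reasons[e.user].append(msg)
    return dict(reasons)


def audit_summary(events, history):
    """Figures an audit report can be built from: volume, sources, per-user counts, deviations."""
    return {"events": len(events),
            "sources": sorted({e.source for e in events}),
            "records_per_user": distinct_patients_per_user(events),
            "deviations": flag_deviations(events, history)}


if __name__ == "__main__":
    timeline = consolidate(parse_emr(EMR_LOG), parse_syslog(BILLING_SYSLOG))
    for key, value in audit_summary(timeline, HISTORY).items():
        print(f"{key}: {value}")
```

With the constructed data, jsmith stays within baseline while rlee is flagged twice: seven distinct records against a baseline that tops out around six, and every access falling after 19:00. The point of the exercise is the consolidation step: neither source alone shows seven records, and neither source's native timestamp format is usable until both are normalized into one timeline.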
Watch this video to hear what other benefits Arkansas Children’s Hospital gained from the QRadar Security Intelligence Platform.
26%: Percentage of organizations that have yet to conduct a risk assessment, as mandated under HIPAA
2. Use a risk management solution to address network and device vulnerabilities
A risk assessment will analyze your network and device configuration for potential vulnerabilities, shifting you from reactive to proactive in the way you manage threats. Demonstrate that you are aware of all activity and configurations across your network; have vulnerabilities properly documented with evidence that they are actively being mitigated.
The QRadar Security Intelligence Platform includes a comprehensive set of industry-specific policy templates for various healthcare mandates, including HIPAA, to help determine risk and prioritize actions. Out of the box, QRadar can help you catch vulnerabilities that otherwise would have gone undetected.
Watch this video testimonial from Ohio Health, describing the benefits they saw from QRadar, including the ability to proactively prevent attacks and see threats before they become a problem.
“With the QRadar product, we’re able to see a lot of things before they even occur, and prevent them up-front before it becomes a real problem… It’s a very proactive tool. It helps us get in front of the things that we need to be in front of…”
3. Limit mobile devices to viewing data, not storing
Use, verify, and document encryption for media and mobile devices. The data on your mobile device must be encrypted. If you back up the data from your device to another device that is not encrypted, the backup data must also be encrypted.
I would expect to see, in the long run, a phase out of desktop computers and a phase in of mobile devices.
How do you demonstrate that IT staff and users are adhering to this level of encryption policy? The only way is to monitor actual network activity. The QRadar Security Intelligence Platform’s flow capabilities provide an advanced level of packet analysis, enabling recognition of applications and protocols such as VoIP, ERP, database appliances, and more. QRadar has the ability to examine every packet and pull this data together into one location, providing context and actionable information. This helps prevent employees from accessing private patient information, and misconfigured vulnerable systems from exposing the network to threats.
Further, demonstrating that you are in compliance with these policies can be easy using the hundreds of pre-built reports that address many of the major compliance regulations, including HIPAA. Want to know the top daily security and policy offenses? How about the most targeted IPs for a given week?
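As an added example of using network activity to verify the two policies above (ePHI encrypted in transit, and mobile devices viewing rather than storing data), the script below runs two checks over a constructed flow-record export. It is not QRadar code; the export format, the application labels, the mobile subnet, the ePHI server addresses and the 50 MB daily download threshold are all assumptions made for the example. The first check flags any flow that carries an ePHI server's traffic over a cleartext application; the second totals the bytes pulled from ePHI servers by each mobile device, because a device that only views records should not be accumulating bulk transfers.

```python
"""Check flow records for ePHI over cleartext protocols and for bulk downloads
to mobile devices. Added example, not QRadar code; all inputs are constructed."""
import csv
import io
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed environment: the mobile/Wi-Fi range, the hosts holding ePHI,
# application labels treated as cleartext, and a per-device daily byte budget.
MOBILE_NET = ipaddress.ip_network("10.50.0.0/16")
EPHI_SERVERS = {ipaddress.ip_address("10.1.10.5"),   # EMR application server
                ipaddress.ip_address("10.1.10.6")}   # imaging (PACS) server
CLEARTEXT_APPS = {"http", "ftp", "telnet", "smb", "ldap"}
BULK_BYTES_PER_DEVICE = 50_000_000


@dataclass(frozen=True)
class Flow:
    src: str        # client address
    dst: str        # server address
    dport: int
    app: str        # application recognized from the packet payload
    bytes_down: int  # bytes sent from dst back to src


# Constructed flow export, in the shape a flow collector might emit as CSV.
FLOW_EXPORT = """\
src_ip,dst_ip,dst_port,app,bytes_from_dst
10.50.3.14,10.1.10.5,443,https,180000
10.50.3.14,10.1.10.5,80,http,95000
10.50.7.2,10.1.10.6,443,https,42000000
10.50.7.2,10.1.10.6,443,https,31000000
10.1.4.20,10.1.10.5,80,http,12000
10.50.9.9,10.1.20.7,80,http,3000
"""


def parse_flow_csv(text):
    """Load the export into Flow objects."""
    reader = csv.DictReader(io.StringIO(text))
    return [Flow(r["src_ip"], r["dst_ip"], int(r["dst_port"]), r["app"].lower(),
                 int(r["bytes_from_dst"])) for r in reader]


def cleartext_ephi_flows(flows):
    """Flows that reach an ePHI server over an unencrypted application, from any client."""
    return [f for f in flows
            if ipaddress.ip_address(f.dst) in EPHI_SERVERS and f.app in CLEARTEXT_APPS]


def bulk_mobile_downloads(flows, limit=BULK_BYTES_PER_DEVICE):
    """Mobile devices whose total bytes pulled from ePHI servers exceed the budget."""
    totals = defaultdict(int)
    for f in flows:
        if (ipaddress.ip_address(f.src) in MOBILE_NET
                and ipaddress.ip_address(f.dst) in EPHI_SERVERS):
            totals[f.src] += f.bytes_down
    return {src: total for src, total in totals.items() if total > limit}


def policy_report(flows):
    """Counts and offenders suitable for a compliance summary."""
    cleartext = cleartext_ephi_flows(flows)
    bulk = bulk_mobile_downloads(flows)
    return {"flows": len(flows),
            "cleartext_ephi": len(cleartext),
            "cleartext_clients": sorted({f.src for f in cleartext}),
            "bulk_mobile": bulk}


if __name__ == "__main__":
    for key, value in policy_report(parse_flow_csv(FLOW_EXPORT)).items():
        print(f"{key}: {value}")
```

Note that the cleartext check deliberately covers every client, not just the mobile range: a wired desktop reading patient data over HTTP is the same exposure. The last constructed flow (HTTP to a host that holds no ePHI) is left alone by both checks, which keeps the report focused on the systems that actually matter to the auditor.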
“...ease of use was a big reason [we chose QRadar]. The second was the way it integrates with flow data… it just turned out to be an invaluable tool. [We get] visibility into the traffic flowing across our network… the information it brings to light sometimes scares you.”
4. Document a plan to achieve compliance and begin acting on it
It’s important to show a “good faith” effort to the auditor(s). Even if you don’t have every box checked and completed, put together a comprehensive list of goals and the steps needed to achieve each of them. For example, if a healthcare organization is in any way responsible for electronic transactions with partners or other organizations, it must comply with HIPAA code. If this organization cannot immediately show compliance, the second-best option is to document its good faith efforts to comply with the standards and submit a corrective action plan.
Some symbols of “good faith” in this case might be an increase in external testing with payment partners, attempts at testing with
Security intelligence can make the discovery, documentation and planning process straightforward.
Through a centralized, browser-based console, QRadar offers a consolidated view of an organization’s security environment. The console provides role-based access by function and a global view for real-time analysis, incident management, and reporting. Users across the Information Security, Operations and Auditing teams can customize their own workspaces and drill down into specific events, network flows, or threats.
To see a demonstration of how the QRadar Security Intelligence Platform can help you demonstrate compliance with mandates and internal policies, watch this video.
A bonus tip: be sure to revise and update your security policies after every risk assessment.
Percentage of organizations that have been breached in the last 12 months
5. Protect ePHI and PII at all costs
Electronic Medical Record (EMR) systems, billing systems, servers, x-ray machines, ultrasound devices, etc., can all hold Electronic Protected Health Information (ePHI). Make sure that your security intelligence solution includes the correct event sources and network traffic to properly secure and monitor ePHI.
The QRadar Security Intelligence Platform protects ePHI and PII by providing visibility across the entire infrastructure to deliver a manageable set of prioritized security threats along with identity information that is critical to rectify the situation. To quickly identify internal misuse, QRadar will display internal threats and integrate with pre-existing Identity and Access Management (IAM) solutions. Combined, these data sources develop a complete picture of an asset’s user identity and behavior as well as vulnerability state, which is not available through IAM solutions alone.
Recommendations
66%: Percentage of organizations whose top concern is compliance with HIPAA and preventing a security breach
Security Intelligence can help you exceed the technical controls in HIPAA compliance mandates by improving your organization’s ability to protect sensitive patient information and related data. This is accomplished by combining log management, SIEM, network behavior analysis, and risk management into a single solution. With real-time network behavior analysis, healthcare organizations have deeper visibility into the behavior profiles of systems, applications and users across their organization’s entire network. As a result, product acquisition, deployment, and operational costs are a fraction of alternative “point product” solutions, thus maximizing return on investment while minimizing security threats for healthcare organizations protecting critical patient data.
To visualize how QRadar can keep you protected before, during and after an attempted breach, watch this video of the Security Intelligence timeline.
Visit: q1labs.com/healthcare
Read: Security Intelligence for Healthcare Brochure
Watch: Prioritizing Security and Compliance Management for Healthcare Organizations