Monitoring and analyzing how files are being accessed, how they change, and how they move around the IT environment brings many benefits for healthcare organizations looking to meet HIPAA compliance and mitigate the ransomware threats.
Comply with HIPAA IT auditing requirements
HIPAA requires activity monitoring and access auditing for informational systems (defined as hardware, software, data, etc.) directly:
– 164.308. II D – implement procedures to regularly review records of information system activity (…);
TEMASOFT FileMonitor can provide insight into the data-related activities necessary for compliance reporting.
Comply with HIPAA requirements that imply file access monitoring or file integrity checking
Some HIPAA requirements do not directly ask for monitoring specific activities, but they do require implementation of security controls and insist on ensuring (as an ongoing process) that the policies are in place and effective. TEMASOFT FileMonitor can deliver proof that the policies are in place, or alerts when breaches are detected, by continuously monitoring access to files and analyzing data access patterns.
- 308. a (1) I – Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations.
It is nearly impossible to prevent, detect, contain and correct security violations involving files (data leakage, data loss, misuse, etc.) if there is no information on how these files are being used. File access monitoring tools not only provide insight into how data is being used but can also detect suspicious activity and alert on operations that can expose or endanger the data.
- 308. a (1) II – Implementation specifications: (A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.
Any risk analysis on data leakage or data loss (involving ePHI) cannot be conducted without knowing where the data resides, who accesses it and how.
- 308. a 2 I Workforce security. Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, (…)
Performing such procedures is done by using the authentication and authorization mechanisms of the IT systems. However, enforcing these controls and ensuring that the current settings are correct and the policies are being applied, requires constant monitoring.
Monitor and report on authorized use
Although HPAA requires that activities, in general, are reviewed, and access to ePHI should be given on a need-to-have basis, it does not have specific requirements for monitoring what authorized users do with the files they access. Other HIPAA requirements that enforce risk assessment imply that organizations have enough knowledge about how files are manipulated to conduct the evaluation, and this involves authorized use as well.
- TEMASOFT FileMonitor can provide reports on authorized activity which can be reviewed to detect issues.
Tax fraud incidents with information stolen from healthcare organization are on the rise. An example can be found here: https://www.databreaches.net/palm-beach-county-health-department-employee-arrested-for-stealing-2800-patients-information-for-tax-refund-fraud/
This example shows how either authorized persons took information, or made it available to unauthorized colleagues who in turn, stole information further used in tax fraud activities.
An example of deliverable: Get a report with all files accessed by the clerk at the front desk.
- At the same time, TEMASOFT FileMonitor is capable of detecting file movement across the organization and can alert when data is leaving controlled repositories, with the risk of being disseminated to internal employees who might not have access to it. This scenario cannot be enforced by standard DLP solutions as it involves internal sharing using the local area network.
Example of deliverable: Get a report on how ePHI data moves from authorized to non-authorized internal users (track internal copy operations, get alerts when users other than authorized use sensitive files;
Discover attempts to obfuscate ePHI generated by EHR applications
File monitoring solutions that also collect information about the processes manipulating files, and can tag and follow up on files, can be of great help in detecting file operations aimed at hiding the nature of the contained information. Such actions include file archiving, renaming, content modifications, etc. Ability to get an alert on such suspicious activity is important to reduce the risk of information theft by malicious employees.
Detect Ransomware in seconds, and comply with HIPAA requirements regarding malware detection
Ransomware is a major issue for healthcare and single layered security approaches based just on anti-virus engines have failed in numerous cases. Starting with the next release, TEMASOFT FileMonitor can detect ransomware in seconds, significantly reducing the risk of downtime and data loss for healthcare organizations. Its reactivity features allow code execution on detection, enabling immediate corrective measures. This functionality works best as a second layer of security, along with the AV solutions and can integrate when needed: i.e. if ransomware detection identifies ransomware activity, it can trigger an AV quarantine on the malicious process using AV command line, without the AV detecting the process as malicious in the first place.
For more information about the next version of TEMASOFT FileMonitor and how it can help healthcare organizations, follow us on LinkedIn or subscribe to our newsletter.