Since the Department of Health & Human Services (HHS) updated HIPAA in its omnibus rule, security information and event management (SIEM) solutions have gained traction in healthcare, and health IT infrastructure has changed as a result.
The omnibus rule expanded HIPAA in response to a growing number of network attacks on health systems, hospitals, and physician practices due to increased IT adoption in the healthcare industry.
Healthcare IT departments must have a clear view of their infrastructure and monitor all facets of the network in order to detect threats before data is compromised. HIPAA violations can result in fines that many organizations cannot afford to pay, or reputational damage from which they cannot recover. Implementing SIEM solutions protects institutions against such possibilities.
Gartner Inc. defines SIEM as “a technology that aggregates event data produced by security devices, network infrastructures, systems, and applications.” Gartner states that the “SIEM market is defined by the customer's need to apply security analytics to event data in real time for the early detection of targeted attacks and data breaches, and to collect, store, analyze and report on log data for incident response, forensics and regulatory compliance.”
An IT security event is a change in normal operations. Not all events mean the network is in danger, but all events are logged by an SIEM solution as a potential danger to an organization. Hundreds of events can be logged each day and it is possible that all of them are nonthreatening.
SIEM is essentially a window into the security solutions an organization has implemented. SIEM solutions collect, analyze, and present information to monitoring IT staff, who then detect if there is a weakness or threat to the healthcare IT network.
In addition to monitoring infrastructure security for each individual implementation (e.g., network, storage, applications), SIEM aggregates all security data together to be evaluated from a single point of view.
SIEM is derived from two legacy security systems: security information management (SIM) and security event management (SEM). SIM collects data and log files and compiles them into one place. SEM centralizes this data for easier interpretation.
SIEM solutions aggregate data from the networks, servers, databases, and applications, which allows monitors to easily see common trends and point out abnormalities and potential security breaches. They link similar events together to determine if a threat is coming from more than one place.
Logs are created for searching through event history to make comparisons with past abnormalities. Monitors receive notifications when serious issues are detected.
Before deploying an SIEM solution, a baseline profile of the infrastructure must be established under normal circumstances, when no abnormal events are taking place. This may require in-depth security scans of each infrastructure component, and it takes time. The baseline gives the SIEM solution a point of comparison, so it knows which events are routine and simply need to be aggregated, and which events are abnormal.
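The two mechanisms described above, aggregation with cross-source correlation and comparison against a normal-operations baseline, can be shown in a small script. The example below is an added illustration written for this article, not code from any SIEM product; the log line formats, host names, IP addresses, timestamps, the hypothetical "ehr-app" source and the baseline counts are all constructed for the demo. It normalizes lines from three components into one event record, counts each event type per hour against the baseline, and links events from the same client address that appear in more than one source within a short window.

```python
"""Toy SIEM pipeline: normalize, aggregate, compare to baseline, correlate.

Added illustration for this article; not code from any SIEM product.
All log formats, hosts, addresses, timestamps and baseline numbers are
constructed for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from three infrastructure components:
# a firewall, a server's sshd, and a hypothetical EHR application.
SAMPLE_LOGS = [
    ("firewall", "2024-03-01T08:00:05 DENY src=10.0.5.23 dst=10.0.1.10 dport=445"),
    ("firewall", "2024-03-01T08:00:07 DENY src=10.0.5.23 dst=10.0.1.11 dport=445"),
    ("firewall", "2024-03-01T08:00:09 DENY src=10.0.5.23 dst=10.0.1.12 dport=445"),
    ("server",   "2024-03-01T08:00:12 sshd: Failed password for admin from 10.0.5.23"),
    ("server",   "2024-03-01T08:00:14 sshd: Failed password for admin from 10.0.5.23"),
    ("ehr-app",  "2024-03-01T08:00:20 LOGIN_FAILURE user=admin ip=10.0.5.23"),
    ("ehr-app",  "2024-03-01T08:15:00 LOGIN_OK user=nurse1 ip=10.0.7.4"),
    ("firewall", "2024-03-01T09:00:00 DENY src=10.0.7.9 dst=10.0.1.10 dport=80"),
]

# One parser per source; each extracts the same fields (timestamp, event type, client IP)
PARSERS = {
    "firewall": re.compile(r"^(?P<ts>\S+) (?P<type>DENY|ALLOW) src=(?P<ip>\S+)"),
    "server":   re.compile(r"^(?P<ts>\S+) sshd: (?P<type>Failed password) .* from (?P<ip>\S+)"),
    "ehr-app":  re.compile(r"^(?P<ts>\S+) (?P<type>LOGIN_\w+) user=\S+ ip=(?P<ip>\S+)"),
}

# Baseline: typical events of each (source, type) per hour, as measured
# during the quiet profiling period. Constructed numbers.
BASELINE_PER_HOUR = {
    ("firewall", "DENY"): 1,
    ("server", "Failed password"): 1,
    ("ehr-app", "LOGIN_FAILURE"): 0,
}


def normalize(source, line):
    """Turn one raw line into a common event record, or None if it does not parse."""
    m = PARSERS[source].match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m.group("ts")), "source": source,
            "type": m.group("type"), "ip": m.group("ip")}


def aggregate(logs):
    """Collect events from every source into one time-ordered list."""
    events = []
    for source, line in logs:
        event = normalize(source, line)
        if event is not None:
            events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def baseline_anomalies(events, tolerance=1):
    """Flag hourly (source, type) buckets that exceed the baseline plus a tolerance."""
    counts = defaultdict(int)
    for e in events:
        hour = e["ts"].replace(minute=0, second=0, microsecond=0)
        counts[(hour, e["source"], e["type"])] += 1
    anomalies = []
    for (hour, source, etype), n in sorted(counts.items()):
        expected = BASELINE_PER_HOUR.get((source, etype))
        if expected is not None and n > expected + tolerance:
            anomalies.append({"hour": hour.isoformat(), "source": source,
                              "type": etype, "count": n, "expected": expected})
    return anomalies


def correlate(events, window=timedelta(minutes=5), min_sources=2):
    """Link events from one client IP seen in several sources inside a time window."""
    by_ip = defaultdict(list)
    for e in events:          # events are already time-ordered
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        start, best = 0, None
        for end, e in enumerate(evs):
            while e["ts"] - evs[start]["ts"] > window:   # slide the window forward
                start += 1
            sources = {x["source"] for x in evs[start:end + 1]}
            size = end - start + 1
            if len(sources) >= min_sources and (best is None or size > best["events"]):
                best = {"ip": ip, "sources": sorted(sources), "events": size,
                        "first": evs[start]["ts"].isoformat(), "last": e["ts"].isoformat()}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    evs = aggregate(SAMPLE_LOGS)
    print("baseline anomalies:", baseline_anomalies(evs))
    print("correlated alerts:", correlate(evs))
```

Run on the constructed lines, the baseline check flags only the burst of firewall denials in the 08:00 hour (3 against an expected 1), while the correlation step ties the denials, the failed SSH logins and the application login failure from 10.0.5.23 into one alert spanning all three sources; the single later denial from 10.0.7.9 and the successful nurse login raise nothing. Real deployments tune the window, tolerance and baseline per environment, which is why the profiling step before deployment matters.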
Deploying an SIEM solution requires a dedicated IT staff member to monitor and manage it exclusively. Depending on the size of an organization, more than one staff member may be needed. Monitoring an SIEM solution is a complex and time-consuming process that requires expertise and specialization.
Smaller institutions may require a less expensive alternative. Managed security service providers (MSSPs) are the outsourced alternative to full-scale SIEM solutions. MSSPs don't offer the customization and depth of SIEM solutions but oversee many of the same functions.
SIEM solutions give IT security employees a consolidated and general look into an organization’s security events which can prevent HIPAA violations and keep health data safe. While each component of health IT infrastructure has its own security features, the ability to see all security events across an organization can be invaluable to protecting data.