Healthcare security information and event management (SIEM) lets organizations analyze security data in real time to detect cyberattacks as they occur, giving a more complete picture of network security.
The HIPAA Omnibus Rule update last year helped SIEM solutions gain popularity in the healthcare vertical. The growing number of systems in health IT infrastructure called for a more advanced security deployment that gives a more complete view of network activity.
SIEM presents event data in a single view from security devices, network infrastructure, systems and applications, as well as log data and network packets. The event data is combined with contextual information about users and about known network vulnerabilities.
SIEM solutions are made up of security information management (SIM) and security event management (SEM) technology. The solution is deployed to provide advanced threat detection, basic security monitoring, and forensics and incident response, according to Gartner.
Healthcare organizations are constantly threatened by malware and other cyberattacks because of how valuable patient data is. SIEM solutions detect these threats in near real time by continuously collecting and correlating log and event data from across the network, so that IT and security staff can spot abnormal activity.
Gartner advises that organizations choose a SIEM solution that does each of the following:
- Support the real-time collection and analysis of events from host systems, security devices and network devices, combined with contextual information for threats, users, assets and data.
- Provide long-term event and context data storage and analytics.
- Provide predefined functions that can be lightly customized to meet company-specific requirements.
- Be as easy as possible to deploy and maintain.
Scalability can be a concern for organizations deploying SIEM solutions, because the platform must ingest and process events from the entire network infrastructure.
“For a SIEM technology to meet the requirements for a given deployment, it must be able to collect, process, store and analyze all security-relevant events,” Gartner explained.
“Events that need to be monitored in real time have to be collected and processed with minimal latency. Event processing includes parsing, filtering, aggregation, correlation, alerting, display, indexing and writing to the data store,” Gartner continued. “Scalability also includes access to the data for analytics and reporting — even during peak event periods — with ad hoc query response times that enable an iterative approach for incident investigation. Query performance needs to hold up, even as the event store grows over time.”
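The pipeline Gartner describes (parse, filter, aggregate, correlate, alert) is easier to reason about in working code. The following is an added example, not code from the article or from any vendor's product: a minimal correlation engine in Python that consumes constructed sshd log lines from several hosts, drops the noise, keeps a sliding window of failed logins per (host, source, user), fires on two rules (a burst of failures, and a success right after a failure burst), and enriches each alert with hypothetical asset and identity context so that a PHI-bearing EHR server or a privileged account raises the severity. The hostnames, usernames, addresses and the `ASSETS`/`USERS` inventories are all invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real data): syslog-style sshd lines from three hosts,
# with one unrelated cron line mixed in to exercise the filtering step.
SAMPLE_LOGS = """\
Jan 12 09:14:01 ehr-app-01 sshd[2210]: Failed password for nurse.jdoe from 10.20.30.40 port 51122 ssh2
Jan 12 09:14:03 ehr-app-01 sshd[2210]: Failed password for nurse.jdoe from 10.20.30.40 port 51123 ssh2
Jan 12 09:14:05 ehr-app-01 sshd[2210]: Failed password for nurse.jdoe from 10.20.30.40 port 51124 ssh2
Jan 12 09:14:07 ehr-app-01 sshd[2210]: Failed password for nurse.jdoe from 10.20.30.40 port 51125 ssh2
Jan 12 09:14:09 ehr-app-01 sshd[2210]: Accepted password for nurse.jdoe from 10.20.30.40 port 51126 ssh2
Jan 12 09:15:00 ehr-app-01 CRON[3001]: (root) CMD (run-parts /etc/cron.hourly)
Jan 12 09:20:15 pacs-db-01 sshd[4410]: Failed password for dba.admin from 10.20.30.41 port 40001 ssh2
Jan 12 09:25:00 build-01 sshd[800]: Failed password for ci.runner from 10.20.31.7 port 50001 ssh2
Jan 12 09:25:01 build-01 sshd[800]: Failed password for ci.runner from 10.20.31.7 port 50002 ssh2
Jan 12 09:25:02 build-01 sshd[800]: Failed password for ci.runner from 10.20.31.7 port 50003 ssh2
Jan 12 09:25:03 build-01 sshd[800]: Failed password for ci.runner from 10.20.31.7 port 50004 ssh2
Jan 12 09:25:04 build-01 sshd[800]: Failed password for ci.runner from 10.20.31.7 port 50005 ssh2
Jan 12 09:31:00 ehr-app-01 sshd[2210]: Accepted publickey for backup.svc from 10.20.30.5 port 33001 ssh2
Jan 12 09:40:00 pacs-db-01 sshd[4410]: Failed password for dba.admin from 10.20.30.41 port 40002 ssh2
Jan 12 09:40:02 pacs-db-01 sshd[4410]: Failed password for dba.admin from 10.20.30.41 port 40003 ssh2
Jan 12 09:40:04 pacs-db-01 sshd[4410]: Failed password for dba.admin from 10.20.30.41 port 40004 ssh2
Jan 12 09:40:06 pacs-db-01 sshd[4410]: Failed password for dba.admin from 10.20.30.41 port 40005 ssh2
Jan 12 09:40:08 pacs-db-01 sshd[4410]: Failed password for dba.admin from 10.20.30.41 port 40006 ssh2
Jan 12 09:40:10 pacs-db-01 sshd[4410]: Failed password for dba.admin from 10.20.30.41 port 40007 ssh2
"""

# Hypothetical context a SIEM would pull from a CMDB and a directory (invented for the example).
ASSETS = {
    "ehr-app-01": {"criticality": "high", "phi": True},
    "pacs-db-01": {"criticality": "high", "phi": True},
    "build-01": {"criticality": "low", "phi": False},
}
USERS = {"nurse.jdoe": "clinical", "dba.admin": "privileged",
         "ci.runner": "service", "backup.svc": "service"}

# Parsing: only sshd authentication outcomes are of interest; everything else is filtered out.
AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def parse_events(raw, year=2024):
    """Parse and filter raw lines into normalised event dicts (syslog lines carry no year)."""
    events = []
    for line in raw.splitlines():
        m = AUTH_RE.match(line)
        if not m:                      # filtering step: cron and other noise dropped here
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
        events.append(ev)
    return events

def severity_for(host, user):
    """Context enrichment: PHI-bearing assets and privileged identities raise the severity."""
    asset = ASSETS.get(host, {"criticality": "unknown", "phi": False})
    return "high" if asset["phi"] or USERS.get(user) == "privileged" else "medium"

def make_alert(rule, ev, count):
    return {"rule": rule, "host": ev["host"], "user": ev["user"], "src": ev["src"],
            "failures": count, "at": ev["ts"].isoformat(),
            "severity": severity_for(ev["host"], ev["user"]),
            "asset": ASSETS.get(ev["host"])}

def correlate(events, window=timedelta(minutes=2), threshold=5, success_after=3):
    """Sliding-window aggregation per (host, src, user) feeding two correlation rules."""
    alerts = []
    failures = defaultdict(list)       # key -> timestamps of failures still inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["src"], ev["user"])
        recent = [t for t in failures[key] if ev["ts"] - t <= window]   # expire old failures
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) == threshold:          # fire once, when the threshold is crossed
                alerts.append(make_alert("brute_force", ev, len(recent)))
        else:
            if len(recent) >= success_after:      # success immediately after a failure burst
                alerts.append(make_alert("failures_then_success", ev, len(recent)))
            recent = []                           # a success closes the window for this key
        failures[key] = recent
    return alerts

def run(raw):
    return correlate(parse_events(raw))

if __name__ == "__main__":
    for a in run(SAMPLE_LOGS):
        print(f"[{a['severity']}] {a['rule']}: {a['user']}@{a['host']} "
              f"from {a['src']} ({a['failures']} failures)")
```

On the constructed input this produces three alerts: a high-severity failures-then-success for nurse.jdoe on the EHR server, a medium-severity brute force against the build host (non-PHI asset, service account), and a high-severity brute force against the PACS database by a privileged account. The lone dba.admin failure at 09:20 falls outside the two-minute window and correctly does not contribute. The same sliding-window structure is what lets a real SIEM keep per-entity state without re-scanning the event store on every new event, which is the latency point Gartner raises.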
SIEM solutions are large deployments, and not every organization can support a solution of that size, especially those with restricted IT budgets and staff.
SIEM solutions are also notoriously complex and often require a dedicated IT staff member to manage and monitor them.
A Ponemon Institute report released last year suggested that the lack of available monitoring staff is one reason why more than half of organizations feel they are not getting what they need out of their SIEM solution.
“The root of their dissatisfaction seems to be related to the complexity of the SIEM itself,” Ponemon Institute Chairman and Founder Larry Ponemon explained in a statement. “In fact, 75 percent of respondents said there is significant, or very significant, effort involved in configuring their SIEM for their organization. Obviously, this complexity can make it very difficult to extract the value they want and need.”
Each health IT system needs to be connected to the SIEM solution, and any tools added to the health IT infrastructure later also need to be onboarded so the SIEM continues to see them.
Deploying a SIEM solution requires at least one dedicated IT staff member to monitor and manage it; depending on the size of the organization, more may be needed. Monitoring a SIEM is a complex and time-consuming process that requires expertise and specialization.
However, the Ponemon report found that 78 percent of organizations employ one or fewer full-time IT administrators to manage and monitor their SIEM solution. Although many organizations outsource SIEM maintenance to external contractors, the researchers concluded that demand for highly trained security analysts greatly exceeds supply.
SIEM solutions give security staff a consolidated view of an organization’s security events, which can help prevent HIPAA violations and keep health data safe.
Each component of health IT infrastructure has its own security features. However, the ability to see all security events across an organization can be invaluable to protecting data. Organizations that deploy a SIEM solution successfully gain greater visibility into network activity.