User behavior analytics and data loss prevention tools are among the most promising yet underutilized or improperly implemented security technologies in healthcare, says security consultant Mark Dill, formerly of the Cleveland Clinic.
User behavior analytics "takes the data from your security information and event management system and re-correlates and uses an evidence-based approach to point to a few number of incidents you ought to be looking at, based on user IDs that are behaving differently [than usual] ... and the same for computers," says Dill, partner and principal consultant at tw-Security. He will be making a presentation at the HIMSS18 conference on achieving cybersecurity best practices.
For example, if certain computer assets were never connected to a database or used in a particular way but suddenly are, "highlighting those scenarios for the incident response team is very important," he says.
When it comes to breach prevention, "data loss prevention is great technology when implemented correctly," he notes. "But I see evidence of failed implementation ... [organizations] are trying to boil the ocean and use these tools well beyond the amount of staff that they have to support them." A far better approach, he says, is "trying to do a few things well."
Disaster recovery is often a critical weak spot for many healthcare organizations, he argues. Plus, he sees weaknesses in incident response.
"I'm pleased when I see organizations interested in proactively testing their incident response, using scenario-specific table-top drills, or beyond table top with real events in an isolated lab," he says. "Organizations aren't stepping up to that plate as frequently as I'd like to see. ... I'm not seeing a lot of hospitals actually rehearsing their disaster recovery scenarios."
In the interview, Dill also discusses:
- Other practices that healthcare entities often fail to implement;
- How some entities are beginning to mature their cybersecurity programs beyond a HIPAA compliance approach;
- Evolving cyberthreat trends.
Before joining tw-Security, Dill was director of information security for the Cleveland Clinic, responsible for the deployment of information security and disaster recovery best practices. Dill contributes to local, regional and national efforts supporting information security program advancements.