Do You Have Real-Time Visibility into Your Epic EHR Instance?

In 2017, there were 477 reported health care breaches in the U.S. affecting 5.6 million patient records. Seventy-one percent of these breaches were due to hacking and IT incidents.

In recent years, privacy breaches have proven to be a major issue for health care entities and their patients. The health care industry is feeling the brunt of hacker attention more so than any other sector. But what exactly makes this information and this sector so attractive to cyber criminals?

The Value of Health Care Data

Health care data is both high-impact and high-value. Health care records from major data heists are a gold mine for vendors of stolen data, because this category of data has a very high rate of demand on dark web markets.

Health care documents contain a vast amount of personally identifiable information that can be lucrative for cyber criminals. Not only does it include a patient’s name, address, Social Security number and payment information, but compromised electronic health records (EHR) also include patient diagnoses, medications, and doctor visit history.

Buyers may use these files to commit identity theft and medical fraud. Trend Micro research found that EHRs are being used to create fraudulent documents like fake IDs, tax returns, and birth certificates. People can even buy drugs with stolen prescriptions, giving them access to controlled substances.

The Damage from Data Breaches

Data breaches can lead to severe reputation damage, extortion, and more. Cyberattacks in health care can easily become public knowledge as breaches affecting 500 or more individuals must be reported and listed per HITECH Act requirements.

In addition to negatively impacting public opinion, large data breaches can be extremely costly for highly regulated health care organizations. According to data from the Ponemon Institute, the cost per leaked record in the health care sector has once again risen, from $369 in 2016 to $380 in 2017.

Need for Real-Time Visibility

Given the high stakes involved, health care organizations need to ensure threats to patient privacy are detected and mitigated quickly. However, many health care security solutions on the market today do not provide real-time monitoring of and reporting on EHR access data. This makes it difficult to contain an incident and address it before it becomes a breach. It is extremely hard to respond rapidly to a threat when your analyst may not see the incriminating data or alarms for hours or even days. When attackers have hours or days of access to information before an alarm triggers, they have plenty of time to compromise the records of hundreds or thousands of patients. It’s clear that time means everything when it comes to containing incidents and breaches.

LogRhythm’s Epic Hyperspace App

Epic Systems Corp. is one of the largest providers of health information technology. Many of our health care customers use Epic as their EHR solution. These customers want more visibility into their Epic instance—they want more than the usual normalization, classification, and enrichment of data performed by the LogRhythm NextGen SIEM Platform. For these customers, our LogRhythm Labs team created the LogRhythm Epic Hyperspace App.

This app provides needed visibility into potentially unusual activity within and related to Epic Hyperspace EHR systems through full log parsing support for over 30 events forwarded from Epic. You’ll get pre-configured alarms, reports, rules, and dashboards that provide real-time visibility into events, such as inappropriate access to or downloads of patient medical records. You’ll also receive insights into the context of the user accessing patient records and the logic behind the attempted access. Since the Epic Hyperspace App is integrated with the LogRhythm platform, you’ll gain broader, organization-wide security context that a single point solution can’t provide. To learn more about the app’s capabilities, download the LogRhythm Epic Hyperspace App data sheet.

The Epic App, in conjunction with the LogRhythm Health Care Compliance Automation Module, provides even more powerful capabilities. This module offers pre-built content to support your compliance with HIPAA, HITECH, and Meaningful Use guidelines. The resulting comprehensive security framework helps to protect your patients’ data and improve your organization’s security posture.

Epic App in Action

Health care organizations typically fall victim to two common types of inappropriate access: employee snooping and malicious breaches. Although most inappropriate access in health care comes from employees or insiders, the most impactful, widespread damage often comes from malicious breaches. It’s crucial to monitor for and be able to catch both types of inappropriate access to protect patient data. That’s where the LogRhythm Epic Hyperspace App can help.

Employee snooping usually involves an employee accessing patient records without a legitimate work-related reason to do so, perhaps to view a celebrity patient’s record or the record of a neighbor. These incidents can be discovered after the fact, in an audit, but the LogRhythm Epic Hyperspace App offers a way to catch snooping employees in real time. The LogRhythm Epic Hyperspace App provides monitoring for excessive user and patient Break-the-Glass-Access—a quick means for a person who does not have access privileges to certain information to gain access when necessary. Built-in rules trend access by user and by patient. When there are anomalous access attempts, an alarm will fire. Your team can then launch a response, including locking down the endpoint or blocking the user’s access.
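The trending by user and by patient described above, illustrated as an added example; it is not LogRhythm's rule logic and does not use Epic's log format. The event tuples, user and patient names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import date
from statistics import mean, pstdev

# Constructed break-the-glass (BTG) events: (day, user, patient_id).
# Field names and values are illustrative, not Epic's log format.
def sample_events():
    events = []
    # Baseline: five days, each clinician breaks the glass once or twice.
    for d in range(1, 6):
        events += [(date(2018, 3, d), "nurse_a", f"P{100 + d}"),
                   (date(2018, 3, d), "dr_b", f"P{200 + d}"),
                   (date(2018, 3, d), "dr_b", f"P{300 + d}")]
    # Day 6: nurse_a opens nine records; three users open patient P777.
    day6 = date(2018, 3, 6)
    events += [(day6, "nurse_a", f"P{400 + i}") for i in range(9)]
    events += [(day6, u, "P777") for u in ("dr_b", "clerk_c", "tech_d")]
    return events

def btg_alarms(events, today, k=3.0, min_count=5, max_users_per_patient=2):
    """Return sorted (kind, subject, value) alarms for `today`."""
    per_user_day = defaultdict(lambda: defaultdict(int))
    users_per_patient = defaultdict(set)
    for day, user, patient in events:
        per_user_day[user][day] += 1
        if day == today:
            users_per_patient[patient].add(user)
    history_days = sorted({d for d, _, _ in events if d < today})
    alarms = []
    for user, days in per_user_day.items():
        count = days.get(today, 0)
        # Days with no BTG count as zero so quiet users get a low baseline.
        hist = [days.get(d, 0) for d in history_days]
        threshold = (mean(hist) + k * pstdev(hist)) if hist else 0
        # min_count suppresses alarms on a single access by a quiet user.
        if count >= min_count and count > threshold:
            alarms.append(("user", user, count))
    for patient, users in users_per_patient.items():
        if len(users) > max_users_per_patient:
            alarms.append(("patient", patient, len(users)))
    return sorted(alarms)

if __name__ == "__main__":
    for alarm in btg_alarms(sample_events(), date(2018, 3, 6)):
        print(alarm)
```

The per-user check compares each user against their own history, so a clinician who routinely breaks the glass is not flagged for normal volume, while the per-patient check catches many different users converging on one record.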

Virtual Private Network (VPN) usage is important for health care organizations, particularly for remote users accessing the network. However, it’s important to monitor VPN-based access to your Epic instance because this remote access raises concerns around data leaks and patient privacy. When paired with LogRhythm’s geolocation capabilities, the LogRhythm Epic Hyperspace App provides monitoring for VPN-based access to Epic so that your team is alerted quickly to remote security threats. Whether it’s an employee with good intentions or a malicious attacker, your security team can act on these incidents. For example, your team can automatically lock down the user account using SmartResponse™ to prevent data exfiltration.

Visit the LogRhythm Community to find out more and download resources on the Epic Hyperspace App.