behavioral analytics role in assuring data security · 2018-10-05 · cynergistek, inc. 11410...
TRANSCRIPT
![Page 1: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/1.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek
Behavioral Analytics Role in Assuring Data Security
David Holtzman JD, CIPP Vice President Compliance StrategiesRobert Lord, President & Co-Founder Protenus
![Page 2: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/2.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 2
Today’s Presenter
• Vice President of Compliance Strategies, CynergisTek, Inc.
• Subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules
• Experienced in developing, implementing and evaluating health information privacy and security compliance programs
• Former senior advisor for health information technology and the HIPAA Security Rule, Office for Civil Rights
David HoltzmanCynergisTek, Inc.
![Page 3: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/3.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 3
Agenda
I. Insider Threat
II. Regulations and Guidance
III. Enforcement Examples
![Page 4: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/4.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek
Insider Threat
4
![Page 5: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/5.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 5
• Healthcare industry comparatively worst sector
– internal actors cause more data breaches than external actors [2018 Verizon Data Breach Investigation Report]
• Insiders are 1st or 2nd ranked cause of breaches reported to OCR[2017 Breach Barometer, 2018 1st Qtr Breach Barometer, 2018 2nd Qtr Breach Barometer]
• Employee snooping and wrongdoing expose more patient records
than incidents involving insider errors or mistakes
– In one case hospital employee inappropriately patients’ records
for 14 years undetected until patient complained
Insiders leading Cause of Breaches
![Page 6: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/6.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek
Regulations & GuidanceAccess Auditing & Monitoring
6
![Page 7: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/7.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 7
Regulations - HIPAA Security Rule
• 45 CFR 164.308(a)(1)(i) Security management process
– a covered entity or business associate must implement policies and procedures to prevent, detect, contain and correct security violations
– 308(a)(1)(ii)(D) Information system activity review
• Implement procedures to regularly review records of information systems activity, such as audit logs, access reports, and security incident tracking reports
![Page 8: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/8.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 8
Regulations – HIPAA Security Rule
• 45 CFR 164.312(b) Audit controls
• Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information
![Page 9: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/9.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 9
OCR Guidance Documents
• OCR guidance January 2017 newsletter “Understanding the Importance of Audit Controls”
• https://www.hhs.gov/sites/default/files/january-2017-cyber-newsletter.pdf
• OCR HIPAA Security Rule Educational Paper Series #2, last updated March 2007
• https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html
![Page 10: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/10.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 10
“When determining reasonable and
appropriate audit controls for
information systems containing or using
ePHI, covered entities and business
associates must consider their risk
analysis results and organizational
factors, such as their current technical
infrastructure, hardware, and software
security capabilities.”
OCR 2017 Guidance
![Page 11: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/11.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 11
“It is imperative for Covered Entities &
Business Associates to review their audit
trails regularly, both… after security
incidents or breaches, and during real-
time operations. Regular review of
information system activity should
promote awareness of any information
system activity that could suggest a
security incident or breach.”
OCR 2017 Guidance
![Page 12: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/12.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 12
OCR 2017 Guidance
• Questions covered entities and business associates should consider:• What audit control mechanisms are reasonable & appropriate to implement
so as to record and examine activity in information systems that contain or use ePHI?
• What are the audit control capabilities of information systems with ePHI?
• Do the audit controls implemented allow the organization to adhere to their audit controls policies and procedures?
• Are changes or upgrades of an information system’s audit capabilities necessary?
![Page 13: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/13.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 13
• Key component of network security is monitoring access and activity using tools to warn of accessing
information without authorization
– Deceptive or unfair data security practices arising from inadequate protections against unauthorized
access to data
• Wyndham (2015) required a comprehensive information security program
– Monitor and manage computers connected to company network
– Employ reasonable measures to detect and prevent unauthorized access to the company network and
conduct security investigations
• Ashley-Madison.Com (2016)
– Use readily available security measures to regularly monitor systems and assets to identify data
security events and verify effectiveness of protective measures
• Uber (2017 & 18)
– Monitor access to sensitive personal information
Development of FTC Case Law
![Page 14: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/14.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 14
• NYS Cybersecurity Regulations (23NYCRR Part 500)
– Licensees of Department Financial Services
– Implement risk-based policies, procedures and
controls designed to monitor the activity of
authorized users and detect unauthorized access or
use of, or tampering with, nonpublic Information by
authorized users
States Getting Involved
![Page 15: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/15.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 15
• Monitoring information system activity of employees is the
processing of user’s personal data that requires valid legal basis
• Data Controllers/Processors have a legitimate interest for the
detection and prevention of loss/misuse of personal data
• Data collection/processing must be proportionate to achieve
intended purpose with least impact on privacy of employee
• Establish policies on data retention, access to collection, and use
• Notice if monitoring, means, purpose, and rights of employee
GDPR: Legitimate Need vs Employee Privacy
![Page 16: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/16.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 16
• Clear internal policy, communicated and available to employees
• Describes cases where monitoring and processing of collected
information takes place, for what purposes, by whom, how long
data stored and rights of employees
• Employees actively invited to provide input to internal policy
• Due care is taken to ensure that any monitoring, and processing of
information collected does not restrict EU fundamental right to
privacy any more than necessary for legitimate purpose
Practical Guidelines for Monitoring
![Page 17: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/17.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek
Examples of Enforcement
17
![Page 18: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/18.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 18
OCR Enforcement Action
Organization failed to implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports for approximately 1.5 years
• Affected at least 80,000 patients
• Resolution Agreement/CAP
– penalty $5.5 million
– 3 year Corrective Action Plan including external monitor
• Failure to monitor and audit information system activity often cited as a contributing factor in OCR enforcement actions
![Page 19: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/19.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 19
• Hospital fined $38,750 over incident of hospital
employees driven by curiosity accessed EMR of patient
who went missing & eventually found dead on premises.
• Academic medical center fined $250,000 over incident in
which temporary employee accessed records of 71
patients. Used information to make harassing phone calls
and submit credit card applications.
California Department of Public Health
![Page 20: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/20.jpg)
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek 20
Questions
David Holtzman
512.405.8550 x7020
Follow me @HITPrivacy
Questions?
?
![Page 21: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/21.jpg)
UEBA:What Is It and Why Does It Matter?
![Page 22: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/22.jpg)
22
Agenda
• How UEBA technologies can ID anomalous
and potentially risky behavior
• Common use cases of monitoring and audit
involving EHR technologies and other
applications that hold PHI or sensitive data
• The pros and cons of deploying UEBA tools
![Page 23: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/23.jpg)
23
UEBA is a heterogenous, rapidly-evolving and
potentially very beneficial category of
technologies that are underutilized by
healthcare
![Page 24: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/24.jpg)
24
Analytics Perspective
© 2017 Sqrrl Data, Inc. All rights reserved.
![Page 25: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/25.jpg)
25
https://www.skyhighnetworks.com/cloud-security-blog/ueba-is-a-feature-not-a-product/
![Page 26: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/26.jpg)
26
Tracks broad patterns of
human behavior and
looks for anomalies
UBA + non-human entities
like workstations and
devices
UBAUEBA
UEBA platform with an
industry-specific offering
INDUSTRY-SPECIFIC UEBA
HC-specific comprehensive
review for inappropriate
activity
COMPLIANCE ANALYTICS
![Page 27: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/27.jpg)
27
Basic Types of Analytics
• Trend
analysis/baselines
• Rules
• Machine learning
![Page 28: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/28.jpg)
28
Advanced Analytics
• Network analysis
• Orchestration/automation
• Context-aware roles
![Page 29: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/29.jpg)
29
![Page 30: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/30.jpg)
30
Proprietary and Confidential - Do Not Distribute
![Page 31: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/31.jpg)
Proprietary and Confidential - Do Not DistributeProprietary and Confidential - Do Not Distribute
31
Ensuring records are not
viewed by neighbors
Making sure sensitive
lists are not shared
EHR PATIENT DATA RESEARCH DATA
Preventing access to
data for internal
retribution
HR DATA
Seeing if devices are
being used as
dangerous vectors
DEVICE DATA
Preventing access to
data for internal
retribution
SCHEDULING/TIMECARD
Seeing if devices are
being used as
dangerous vectors
NETWORK DATA
Data Sources
![Page 32: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/32.jpg)
Proprietary and Confidential - Do Not DistributeProprietary and Confidential - Do Not Distribute
32
Assets to Protect
Ensuring records are not
viewed by neighbors
Making sure sensitive
lists are not shared
PATIENT RECORDS RESEARCH DATA
Preventing access to
data for internal
retribution
HR DATA
Seeing if devices are
being used as
dangerous vectors
DEVICES
![Page 33: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/33.jpg)
Proprietary and Confidential - Do Not DistributeProprietary and Confidential - Do Not Distribute
33
The hospital admin
Example 1
![Page 34: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/34.jpg)
Proprietary and Confidential - Do Not DistributeProprietary and Confidential - Do Not Distribute
34
The “clinical researcher”
Example 2
![Page 35: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/35.jpg)
Proprietary and Confidential - Do Not DistributeProprietary and Confidential - Do Not Distribute
35
The doctor that’s
just not quite right
Example 3
![Page 36: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/36.jpg)
Proprietary and Confidential - Do Not Distribute
Key Considerations
Proprietary and Confidential - Do Not Distribute
36
Information all in
one place
Find threats proactively,
instead of fighting fires
INTEGRATION DETECTION
Aid in fact-gathering and
speed forensics
INVESTIGATION
Demonstrate meeting
and exceeding
regulatory requirements
REPORTING
![Page 37: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/37.jpg)
Proprietary and Confidential - Do Not Distribute
Questions to Ask
Proprietary and Confidential - Do Not Distribute
37
What’s your
cloud strategy?
What protocols and how
real-time?
CLOUD V. ON-PREM DATA ACQUISITION
General solution
vs. specific?
INDUSTRY FOCUS
What data and how
is
it used?
ANALYTICS TYPE
![Page 38: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/38.jpg)
Proprietary and Confidential - Do Not Distribute
Cons of Deployment
Proprietary and Confidential - Do Not Distribute
38
How much signal or you
getting versus noise?
Think long-term TCO
FALSE POSITIVES COST
FTEs in various
scenarios
LABOR
What does success look
like for you?
USE CASES?
![Page 39: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/39.jpg)
Proprietary and Confidential - Do Not Distribute
Pros of Deployment
Proprietary and Confidential - Do Not Distribute
39
Short-term discovery,
long-term change
Savings can be
significant
CULTURE CHANGE LONG-TERM COST
Structures between
privacy, security and
legal
ORGANIZATIONAL CHANGE
Executive and
community awareness
ENTERPRISE TRUST
![Page 40: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/40.jpg)
40
UEBA Context Map
Clinical
Context
Administrative
Context
Type of Clinical
Practice
Patient
Treatment
Patterns
Types of
Information
Viewed
Time Signature
in EHR
Dr. Smith
![Page 41: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/41.jpg)
41
Where is the field going?
![Page 42: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/42.jpg)
42
Actionable Next Steps
• Read HLCU chapter
• Collaborate with security/privacy
• Risk assessment for internal
threats
• Consider above factors
![Page 43: Behavioral Analytics Role in Assuring Data Security · 2018-10-05 · CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com](https://reader034.vdocuments.site/reader034/viewer/2022042223/5ec9cc9138f1360b29432e97/html5/thumbnails/43.jpg)
43
Summary of Tech Types
Description A good fit for…
UBA User behavior monitoring [largely phased out]
UEBAUser and beyond “behavior”
monitoringNon-HC industry
Vertical UEBABehavior monitoring plus some
HC focus
“Check the box”-oriented
healthcare facilities
Compliance AnalyticsPurpose-built healthcare
behavioral analyticsMost healthcare institutions