By Jeff Kabachinski
One of the biggest focus areas in Healthcare IT is cybersecurity – have you heard? The OCR (Office of Civil Rights) and its audits for HIPAA violations, especially via cybersecurity breaches, continue to make the news – oftentimes with six- and seven-digit fines.
Parts of the cybersecurity protection landscape include Network Security Management (NSM) and Continuous Monitoring (CM). While it might sound as though they cover the same ground, they cover different aspects of cybersecurity. That’s the difference we’ll examine in this installment of Tech Savvy.
First of all, we should recognize that cyber-breach or incident response should be under constant vigilance – it’s not a one-shot deal but rather a continuous business process. As I’ve said before, I think it was Ben Franklin who said there are three things certain in life – death, taxes and cybersecurity breaches. In other words, breaches are inevitable.
NSM
While NSM is not the only way to detect and respond to intruders and their breaches, it’s a great way to get started with a cybersecurity defense. It also supports an internal mindset of continuing to find ways to frustrate hackers and intruders. While intruders may still get into your network, with NSM you can discourage them from achieving their goals. In addition, most intruders take time to get to their objective – days or even months. This window also gives defenders time to respond.
NSM is the collection and analysis of network communication, with a main focus on increasing warning so that incursions can be acted on. It’s a way to see intruders and react to the exploit before they can cause any damage. NSM examines every network data packet looking for troubling communication – activity beyond “normal” network traffic. Obviously, exactly where NSM listens in on the network affects how effective it can be. Listening in on all incoming and outgoing Internet traffic would be a good place to get started.
However, NSM doesn’t block, filter or stop intrusions. It is a cybersecurity strategy that focuses on visibility rather than control – NSM is threat-centric. If you can’t detect it, you can’t prevent it.
CM
On the other hand, CM is vulnerability-centric, centering on system software configuration and weak points. The Department of Homeland Security (DHS) and National Institute for Standards and Technology (NIST) are responsible for ensuring that CM techniques are being used across federal networks. NIST defines CM as:
“Continuous monitoring is ongoing observance with intent to provide warning. A continuous monitoring capability is the ongoing observance and analysis of the operational states of systems to provide decision support regarding situational awareness and deviations from expectations.”
CM encourages checking system configurations, typically monthly or sometimes more often, for deviations from standard configurations. CM examines networked computers to identify configuration vulnerabilities and patch any exploitable holes found.
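The periodic configuration check described above can be sketched as follows. This is an added example, not code from the original article; the setting names, thresholds, host names and the 31-day snapshot age limit are assumptions made for illustration.

```python
from datetime import date, timedelta
import operator

# Hypothetical standard configuration: setting -> (comparison, expected value).
BASELINE = {
    "ssh_permit_root_login": (operator.eq, "no"),
    "min_password_length":   (operator.ge, 12),
    "disk_encryption":       (operator.eq, True),
    "days_since_last_patch": (operator.le, 30),
}
MAX_SNAPSHOT_AGE = timedelta(days=31)  # assumed from the "typically monthly" cycle

def find_deviations(snapshot, today):
    """Return a sorted list of (setting, reason) pairs for one host snapshot."""
    findings = []
    # A stale snapshot means the host's real state is unknown: report it.
    if today - snapshot["collected"] > MAX_SNAPSHOT_AGE:
        findings.append(("snapshot", f"stale, collected {snapshot['collected']}"))
    for setting, (compare, expected) in BASELINE.items():
        if setting not in snapshot["settings"]:
            # Missing data counts as a deviation, never as a pass.
            findings.append((setting, "not reported"))
            continue
        actual = snapshot["settings"][setting]
        if not compare(actual, expected):
            findings.append((setting, f"found {actual!r}, baseline {compare.__name__} {expected!r}"))
    return sorted(findings)

def audit(fleet, today):
    """Map each non-compliant host name to its list of deviations."""
    checked = {host: find_deviations(snap, today) for host, snap in fleet.items()}
    return {host: found for host, found in checked.items() if found}

# Constructed sample data, not taken from any real network.
TODAY = date(2024, 6, 1)
FLEET = {
    "ws-radiology-01": {"collected": date(2024, 5, 28), "settings": {
        "ssh_permit_root_login": "no", "min_password_length": 14,
        "disk_encryption": True, "days_since_last_patch": 12}},
    "pacs-server-02": {"collected": date(2024, 5, 30), "settings": {
        "ssh_permit_root_login": "yes", "min_password_length": 8,
        "disk_encryption": True, "days_since_last_patch": 45}},
    "infusion-gw-03": {"collected": date(2024, 3, 15), "settings": {
        "ssh_permit_root_login": "no", "min_password_length": 12,
        "days_since_last_patch": 20}},
}

if __name__ == "__main__":
    for host, found in audit(FLEET, TODAY).items():
        for setting, reason in found:
            print(f"{host}: {setting}: {reason}")
```

Treating a stale snapshot or an unreported setting as a finding keeps a host that has stopped reporting from being counted as compliant.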
Positive Outcomes
NSM and CM cybersecurity operations complement each other. NSM keeps an eye out for intrusions and raises the red flag when an intrusion is found. CM continues checking and repairing system vulnerabilities. NSM and CM can operate without the need for human interaction once set up correctly.
A health care organization that makes cybersecurity a priority and is supported by personnel who can take advantage of that visibility is particularly unfriendly to persistent intruders. When faced with this kind of visibility in an organization fortified with NSM and CM, an intruder will eventually lose and back off. As long as you can interrupt the intruder before they complete their exploit tasks – the organization wins. Check the references below for more information – especially the NIST site.
Ready or Not
It’s difficult at this point to determine exactly what the resulting healthcare IT requirements will be without knowing the quality and performance measures involved. We know that interoperability and cybersecurity will be a major part of the quality measures. The new rule also emphasizes information exchange and that patients have access to their health information through the use of APIs.
A recent survey by the Healthcare Information and Management Systems Society (HIMSS) showed that while health care providers were not opposed to the big change, most didn’t think that they were ready to make the move into the next phase of participation for the Quality Payment Programs. They’re looking to the rest of the health care industry to help define a consistent approach to MACRA with tools to build infrastructure support mechanisms. The HIMSS site (www.himss.org) has a wealth of information, some informative recorded webinars and fact sheets about MACRA. Stay alert regarding this one – don’t get caught flatfooted!

