Expanding FairWarning’s Value To Information Security Officers
Early in the Fall of 2015 we will announce FairWarning Patient Privacy Monitoring 4.1. This is the first FairWarning release specifically aimed at expanding our customer value beyond privacy and compliance into information security. FairWarning PPM 4.1 as the name implies is the fourth generation of our technology and is a natural evolution of our core privacy product. The release is in response to the escalating external threats our healthcare customers face. For more of our perspective on cyber threats see the materials from “Threat Actors See Growing Value in PHI in an Industry that is Highly Valued Yet Under Protected” which is a joint webinar we conducted with FireEye Mandiant recently.
Some of the key features of FairWarning PPM 4.1 are detailed below and were developed through internal innovation as well as close collaboration with our most sophisticated healthcare customers:
- Data Visualization. In FairWarning PPM 4.1 data visualization is one-click away in every report or alert that the customer uses. In previous generations of our platform, the emphasis was on “tip based” investigations or alerts so customers wanted flat text to examine the workflow between a patient and a user. In this sense privacy analysts had less use for data visualization. Today, there is far greater emphasis on proactively detecting potential security breaches and cyber crimes. Data visualization provides information security officers the ability to use their formidable intuition and investigation skills to discover threats that alerts and analytics may miss. To see more information on FairWarning and data visualization, see the following blog post
- Statistical Analysis of User Behavior and Trending. FairWarning’s PPM solutions have always been known for our library of scenarios and analytics. Examples include sequential medical record access, threshold reporting, employee on employee snooping and many others. Today’s external threats to EHRs and healthcare applications have raised the bar and FairWarning PPM 4.1 has significantly expanded our capabilities to include statistical analysis of user behaviors relative to themselves, their peers, their department and virtually any criteria that is available in the data. Trending comparisons over time are also naturally available from this capability. These features along with data visualization enable information security officers to leverage their intuition and expertise use to proactively discover threats which escape traditional analytics
- Coordinated Threat Detection and Response. In the past if we detected an unusual pattern of patient access it was attributable to an employee or affiliate of the customer who has access to the EHR or other healthcare applications. The reality today is that an unusual pattern of patient access could also be attributable to an Advanced Persistent Threat (APT) which has compromised user credentials and now systemically extracting patient data from the EHR and is in process of sending patient data to a country which has weak or no laws on cyber crimes including extradition. For this basic reason it is necessary for internal threat technologies to coordinate with external threat technologies. As FairWarning discovers a “bad-actor”, we pass along userid, IP, and other identifying information to other enterprise security products such as SIEMs. To learn more about vendors who are FairWarning Ready for Enterprise Security, visit our website.
- Optimized Work-flows and Ease of Use. Complexity is the enemy of operational excellence and we keep that at the forefront in using and simplifying our own products. So we have leveraged our own team extensively to simplify the user experience, optimize work-flows as well as enhance the new features. For several months, FairWarning PPM 4.1 has been in extensive use with our Managed Privacy Services (MPS) customers which now represent over 200 hospitals. With FairWarning MPS, we operate our solution and most aspects of the customer’s Managed Privacy Services program. So rolling out product releases through this team enables us to optimize the release as well as work out any major kinks before making the release broadly available. Thus far, data visualization, statistical analysis and trending has been enthusiastically received by our MPS customers
- Identity Intelligence (Optional for Customers). Because user identity is so important to the use of FairWarning Patient Privacy Monitoring we have built in an identity intelligence engine into the core platform that works with AD, Lawson, PeopleSoft, Workday and is compatible with third party identity management vendors as well. FairWarning’s identity engine performs user correlation across our customer’s applications and identity infrastructure, it can also play a major role in data cleansing. FairWarning is not a provisioning vendor, but the identity engine in our platform is a fabulous place to start for customers who already use us for Patient Privacy Monitoring or are coming on-board. We will share more on FairWarning and Identity in the future. I will not mince my words here, the reason we invested so heavily in this is that identity management and provisioning plagues the healthcare industry. Cleaner identities in FairWarning means better analytics, statistics, trending and reporting because there is more certainty about the true identity and uniqueness of users
- SOC 2 Attestation. Lastly, we have invested aggressively in FairWarning’s information security and governance. I personally participate in our weekly governance and information security team meetings to demonstrate the highest level of executive support. FairWarning is going through our SOC 2 Attestation beginning imminently. For information on this topic, visit the following blog post.
- Single, seamless platform across product features which has been developed organically as opposed to bolted together through acquisitions
- Expansion of customer value to include information security. FairWarning now serves privacy, governance and information security professionals
- Empowers information security professionals to apply their intuition and expertise to EHRs and healthcare applications through powerful discovery tools
- Intuitive user interface and experience optimized for visualization and fast paced work flows
- Flexible privacy, governance and information security dashboards
- Massively scaleable
- No FTE operational support required as the solution is cloud based technology
We expect to post more information on an Early Adopters Program for FairWarning PPM 4.1 in the short weeks ahead.