Protecting 4 million patient records from breaches takes a multifaceted approach, says Bredai “Dai” Snyder of Care Coordination Institute, a South Carolina-based company that works with healthcare providers to improve their clinical outcomes.
“Our breach prevention efforts really revolve around three core functions,” Snyder says in an interview with Information Security Media Group. Those include an enterprise content management platform, an identity management application and a breach detection system.
The institute uses Box for application development and information exchange, “which is preventive and has a lot of back-end security and governance to keep things from going where they’re not supposed to,” she says.
To ensure “a very tight infrastructure,” the institute uses an identity management application, Microsoft Azure Active Directory. The identity management tool “prevents you from accidentally logging into an electronic medical record or other system you shouldn’t have access to in the first place,” she explains.
For breach detection, the institute uses monitoring tools from Fairwarning. Those tools send off alerts for incidents involving potential unauthorized access, she explains.
‘People Risk Score’
The institute uses Fairwarning to monitor all critical applications, she says. The tools generate “a people risk score” that takes into account the individual user and all the applications that person is authorized to access.
“People like systems administrators have much higher risk scores,” she says. “So, if [the Fairwarning tools] send off an alert, we can look at that user across all systems – we’re not running 20 different reports. It’s consolidated into one smooth clear picture” that staff receive in a report on a daily basis as alerts come up.
“Between Box, Azure and Fairwarning we have a very, very tight data governance policy,” she explains. “With 4 million patient records, we are a target,” she says, pointing to phishing attacks as well as other cyberattack attempts. “The good news is that we haven’t had any breaches yet,” she contends.
In the interview, Snyder also discusses:
- Other efforts at the institute to bolster data privacy and security;
- Emerging telehealth-related security and privacy challenges;
- Other important security and privacy issues her team is tackling.
Snyder is a delegated oversight program manager in the compliance department of the Care Coordination Institute, which supports healthcare organizations’ population health management efforts. She has extensive experience in healthcare IT management and security as well as healthcare compliance. Snyder helps to oversee the security of patient records and manages business associate and vendor relationships to ensure compliance with regulations. Additionally, she identifies and vets digital health solutions to help advance and streamline functions while maintaining the security of data.