Healthcare in the Digital Age: Obamacare and the Information Security Imperative

On October 1^st, the opening of the Affordable Care Act (ACA) healthcare exchanges, and the many glitches and outages they suffered, provided an opportunity for the tech press to get in on the Obamacare action, reporting on the level of preparedness (or lack thereof) demonstrated by the various state and federal websites comprising the exchanges.

Despite the furor, neither the reporters nor the experts with whom they spoke seemed especially surprised by the problems. When new technologies are rolled out on a large scale, there are bound to be glitches, as recently experienced by Apple's iOS 7 and the online version of Grand Theft Auto V. All of these problems cause headaches for consumers, but when it comes to the healthcare exchanges, there is a great deal more at stake.

While the media and consumers might be willing to forgive website slowdowns and crashes, the lack of preparedness and insight into the problems happening with the IT environment underscores a scarier, more insidious issue: If the healthcare exchanges can't ensure performance and availability, are they really prepared guarantee the security of patient information and ensure regulatory compliance on such a massive scale? Persistent advanced threats, zero-day attacks, and even security issues as basic as a stolen laptop can put private patient information at risk. Protecting that data will be of paramount importance as more and more patient information goes digital.

Pervasive Monitoring: Ensuring Compliance and Security When Prevention Is Futile

In his May 2013 report titled Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence, VP and Gartner Fellow Neil MacDonald wrote: "Part of the answer to the seemingly insurmountable problem of how to identify attacks without signature-based mechanisms lies in pervasive monitoring to identify meaningful deviations from normal behavior to infer malicious intent. If you assume systems will be compromised with advanced targeted threats, then information security efforts need to shift to detailed, pervasive and context-aware monitoring to detect these threats."

The ExtraHop compliance and security solution delivers continuous, real-time auditing and anomaly detection across the entire application delivery chain, analyzing all wire data, including encrypted traffic, to deliver visibility and intelligence that mitigates risk and helps ensure compliance with both internal policies and regulations such as HIPAA, PCI DSS, and SOX. This pervasive, context-aware monitoring delivers correlated, cross-tier visibility and anomaly detection that complements intrusion prevention (IPS), intrusion detection (IDS), and security information and event management (SIEM) systems.

With context-aware monitoring from ExtraHop, IT teams can:

• Identify and investigate potential SQL injection attacks by analyzing queries in real time.
• Audit data flows in to and out of the IT environment: how much data and how often.
• Baseline performance and track changes that could indicate a DoS attack (in cases when activity spikes) or misconfiguration or malware (when activity is too slow).
• Monitor unauthorized access to applications according to group policy.
• Track access to sensitive data stored on specific storage partitions.
• Support compliance efforts with audit logs of all unauthorized access attempts and other reports.

ExtraHop also offers integration with Splunk Enterprise, transforming real-time security-related wire data into machine data for elegant, in-depth visualization of conditions occurring in the IT environment. This insight enables IT, compliance, and security teams to easily pinpoint the system, application, or infrastructure element in which a security event is occurring without using agents or offline packet capture.

Wire Data Analysis Provides Context for IT Security