Healthcare and Technology news

Compromised logs can hamper IT security investigations 

At the heart of most devices that protect IT networks is the ability to log events and take action based on them. This application and system monitoring records both what has happened to the device and what is happening now. It provides a safety net for lapses in perimeter and application defences by alerting you to problems so that defensive measures can be taken before real damage is done. Without monitoring, you have little chance of discovering whether a live application is being attacked or has already been compromised.

Critical applications, processes handling valuable or sensitive information, previously compromised or abused systems, and systems connected to third parties or the Internet all require active monitoring. Any seriously suspicious behaviour or critical events must generate an alert that is assessed and acted on. Although you will need to carry out a risk assessment for each application or system to determine what level of audit, log review and monitoring is necessary, you will need to log at least the following:

  • User IDs
  • Date and time of log on and log off, and other key events
  • Terminal identity (and, for network access, the source host or address)
  • Successful and failed attempts to access systems, data or applications
  • Files and networks accessed
  • Changes to system configurations
  • Use of system utilities
  • Exceptions and other security-related events, such as alarms triggered
  • Activation of protection systems, such as intrusion detection systems and antimalware

Collecting this data will assist in access control monitoring and can provide audit trails when investigating an incident. Most logs are now covered by some form of regulation and should be kept for as long as those requirements call for; any that are not should be kept for a minimum of one year, in case they are needed for an investigation. Monitoring must also be carried out in line with relevant legislation, which in the UK includes the Regulation of Investigatory Powers Act and the Human Rights Act, and employees should be made aware of your monitoring activities in the network acceptable use policy.

Log files are a great source of information only if you review them. Simply purchasing and deploying a log management product won't provide any additional security. You have to use the information collected and analyse it on a regular basis; for a high-risk application, this could mean automated reviews on an hourly basis. ISO/IEC 27001 control A.10.10.2 (the Annex A numbering of the 2005 edition, which the control references in this article follow; later editions renumber the logging and monitoring controls but keep the same requirements) not only requires procedures for monitoring the use of information processing facilities, but demands that the results are reviewed regularly to identify possible security threats and incidents.

However, even small networks can generate too much information to be analysed manually. This is where log analysers come in, as they automate the auditing and analysis of logs, telling you what has happened or is happening, and revealing unauthorised activity or abnormal behaviour. This feedback can be used to improve IDS signatures or firewall rule sets. Such improvements are an iterative process, as regularly tuning your devices to maximise their accuracy in recognising true threats will help reduce the number of false positives. Completely eliminating false positives, while still maintaining strict controls, is next to impossible, particularly as new threats and changes in the network structure will affect the effectiveness of existing rule sets. Log analysis can also provide a basis for focused security awareness training, reduced network misuse and stronger policy enforcement.
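
As an added example of the kind of automated analysis described above (illustrative code written for this page, not something from the original article or from any particular log analyser product), the following Python script parses a handful of constructed OpenSSH-style authentication log lines and flags two behaviours an analyst would want surfaced: a burst of failed logins from one source, and a successful login from a source that had just been failing. The log format, the thresholds, and the host names and addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in the style of an OpenSSH authentication log.
# They are illustrative and were not captured from any real system.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
2024-03-01T09:00:03Z host1 sshd[1203]: Failed password for root from 203.0.113.5 port 51024 ssh2
2024-03-01T09:00:05Z host1 sshd[1205]: Failed password for root from 203.0.113.5 port 51026 ssh2
2024-03-01T09:00:07Z host1 sshd[1207]: Failed password for root from 203.0.113.5 port 51028 ssh2
2024-03-01T09:00:09Z host1 sshd[1209]: Accepted password for root from 203.0.113.5 port 51030 ssh2
2024-03-01T09:05:00Z host1 sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
2024-03-01T09:06:00Z host1 sshd[1301]: Failed password for alice from 192.0.2.10 port 40001 ssh2
2024-03-01T09:06:30Z host1 sshd[1302]: Accepted password for alice from 192.0.2.10 port 40002 ssh2
2024-03-01T09:07:00Z host1 cron[1400]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches only sshd login-result lines (an assumed format); other lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse_line(line):
    """Return a dict of fields for an sshd login line, or None for any other line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return rec


def analyse(log_text, fail_threshold=3, window_seconds=300):
    """Scan log lines in order and return a list of findings.

    Each finding is (kind, source_ip, user, timestamp). Two kinds are raised:
      brute_force            - fail_threshold failures from one source inside the window
      success_after_failures - a login succeeded from a source that had just reached
                               the failure threshold (a likely guessed password)
    """
    findings = []
    recent_failures = defaultdict(list)  # source IP -> timestamps of recent failures
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, ts = rec["src"], rec["ts"]
        # Keep only the failures that fall inside the sliding window ending at this event.
        recent_failures[src] = [
            t for t in recent_failures[src] if (ts - t).total_seconds() <= window_seconds
        ]
        if rec["result"] == "Failed":
            recent_failures[src].append(ts)
            if len(recent_failures[src]) == fail_threshold:  # alert once per burst
                findings.append(("brute_force", src, rec["user"], ts))
        else:
            if len(recent_failures[src]) >= fail_threshold:
                findings.append(("success_after_failures", src, rec["user"], ts))
            recent_failures[src].clear()  # a success ends the burst either way
    return findings


if __name__ == "__main__":
    for kind, src, user, ts in analyse(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:<24} src={src} user={user}")
```

Run as a script it prints the two findings for the sample. In practice the same logic sits behind a SIEM correlation rule, and the threshold and window are the parts that need the iterative tuning the paragraph describes: a threshold tight enough to catch a slow password spray will also fire on a legitimate user who mistypes a password a few times.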

ISO/IEC 27001 controls A.10.10.4 and A.10.10.5 cover two specific areas of logging whose importance is often not fully appreciated: administrator activity and fault logging. Administrators have powerful rights, and their actions need to be carefully recorded and checked. As events, such as system restarts to correct serious errors, may not get recorded electronically, administrators should maintain a written log of their activities, recording event start and finish times, who was involved and what actions were taken. The name of the person making the log entry should also be recorded, along with the date and time. The internal audit team should keep these logs.

There are two types of faults to be logged: faults generated by the system and the applications running on it, and faults or errors reported by the system's users. Fault logging and analysis is often the only way of finding out what is wrong with a system or application. The analysis of fault logs can be used to identify trends that may indicate more deep-rooted problems, such as faulty equipment or a lack of competence or training in either users or system administrators.

All operating systems and many applications, such as database server software, provide basic logging and alerting facilities. This logging functionality should be configured to log all faults and to send an alert when an error exceeds an acceptable threshold, such as a write failure or a connection time-out. Review the logs on a regular basis, and investigate and resolve any error-related entries. Analysing every log daily is likely an unrealistic goal, but high-volume and high-risk applications, such as an e-commerce Web server, need almost daily checking to prevent high-profile break-ins, while for most others a weekly check will suffice.

There should be a documented work instruction covering how faults are recorded or reported, who can investigate them, and an expected resolution time, similar to a service contract if you use an outside contractor to support your systems. Help desk software can log details of all user reports, and track actions taken to deal with them and close them out.

No matter how extensive your logging, log files are worthless if you cannot trust their integrity. One of the first things an attacker who gains control of a system will do is alter or delete log files to hide their presence. To protect against this, record logs both locally and on a remote log server that the monitored hosts cannot modify. This provides redundancy and an extra layer of security, because you can compare the two sets of logs against one another: any entry present on the remote server but missing or altered in the local copy is itself evidence of tampering.

If you can't stretch to a dedicated log server, write logs to a write-once medium, such as a CD-R or DVD-R, or to rewritable media (magnetic tape or hard disk) configured as write-once-read-many (WORM) storage, where newly written data automatically becomes read-only so an attacker cannot overwrite it. It is also important to prevent administrators from having physical or network access to the logs of their own activities, and those tasked with reviewing logs should be independent of the people, activities and logs being reviewed.

The protection of log information is critical. Compromised logs can hamper IT security investigations into suspicious events, invalidate disciplinary action and undermine court actions.

Another point to bear in mind is that system clocks need to be synchronised, normally against a trusted time source using a protocol such as NTP, so that log entries carry accurate timestamps; without this, events recorded on different systems cannot be reliably ordered during an investigation. Check computer clocks and correct any significant variations at least weekly, or more often, depending on how much drift you can tolerate.

Clocks drift on mobile devices and should be updated whenever they attach to the network or a desktop. Always record the time of an event in a consistent format, such as Coordinated Universal Time (UTC), across all files. For additional security, add an integrity value to each log entry so you can detect whether entries have been tampered with. Note that a plain unkeyed checksum only catches accidental corruption, because an attacker who can edit an entry can simply recompute it; use a keyed hash (an HMAC) with a key the logging host does not hold, and chain it so that each value also covers the previous entry, which makes deletion and reordering of earlier entries visible as well. Controls also need to be in place to ensure there is ample log storage. If your logs can be trusted, they can help you reconstruct the events of security incidents and provide legally admissible evidence.
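
To make the integrity point concrete, and to show the local-versus-remote comparison described earlier, here is an added Python example written for this page (it is not code from the original article). It uses a hypothetical key and constructed sample entries, and chains an HMAC over each entry together with the previous entry's tag, so that editing, deleting or reordering an earlier entry breaks every later tag. It also shows why an unkeyed per-entry checksum does not help against a deliberate attacker.

```python
import hashlib
import hmac

# Hypothetical key for the example only. In a real deployment the key is held by the
# log collector or an HSM, never by the host whose logs it protects; otherwise an
# attacker on that host can re-tag whatever they change.
DEMO_KEY = b"demo-key-not-for-production"
GENESIS = b"\x00" * 32  # value chained into the first entry

# Constructed sample entries (not captured from any real system).
SAMPLE_ENTRIES = [
    "2024-03-01T09:00:05Z host1 sshd[1205]: Failed password for root from 203.0.113.5 port 51026 ssh2",
    "2024-03-01T09:00:09Z host1 sshd[1209]: Accepted password for root from 203.0.113.5 port 51030 ssh2",
    "2024-03-01T09:00:40Z host1 sudo: root : COMMAND=/bin/rm /var/log/auth.log",
]


def unkeyed_checksum(entry):
    """The naive per-entry checksum: anyone who edits the entry can recompute it."""
    return hashlib.sha256(entry.encode()).hexdigest()


def unkeyed_verify(pairs):
    """True when every (entry, checksum) pair is self-consistent, tampered or not."""
    return all(unkeyed_checksum(e) == c for e, c in pairs)


def chain_entries(entries, key=DEMO_KEY):
    """Return [(entry, tag_hex)] with tag_i = HMAC(key, tag_{i-1} || entry_i)."""
    prev, out = GENESIS, []
    for entry in entries:
        tag = hmac.new(key, prev + entry.encode(), hashlib.sha256).digest()
        out.append((entry, tag.hex()))
        prev = tag
    return out


def verify_chain(chained, key=DEMO_KEY):
    """Return the index of the first entry whose tag does not verify, or -1 if intact."""
    prev = GENESIS
    for i, (entry, tag_hex) in enumerate(chained):
        expected = hmac.new(key, prev + entry.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(tag_hex)):
            return i
        prev = expected
    return -1


def compare_copies(local_entries, remote_entries):
    """Entries the remote server holds that are missing locally, and the reverse."""
    local, remote = set(local_entries), set(remote_entries)
    return sorted(remote - local), sorted(local - remote)


if __name__ == "__main__":
    chained = chain_entries(SAMPLE_ENTRIES)
    print("intact chain  ->", verify_chain(chained))  # -1
    edited = list(chained)
    edited[1] = (chained[1][0].replace("Accepted", "Failed"), chained[1][1])
    print("edited entry  ->", verify_chain(edited))  # 1
    print("deleted entry ->", verify_chain([chained[0], chained[2]]))  # 1
    # The unkeyed checksum offers no such protection once the attacker recomputes it.
    benign = "2024-03-01T09:00:40Z host1 sudo: root : COMMAND=/bin/ls"
    pairs = [(e, unkeyed_checksum(e)) for e in SAMPLE_ENTRIES[:2]]
    pairs.append((benign, unkeyed_checksum(benign)))
    print("unkeyed verify after edit ->", unkeyed_verify(pairs))  # True
    print("missing locally ->", compare_copies(SAMPLE_ENTRIES[:2], SAMPLE_ENTRIES)[0])
```

One limit to keep in mind: verifying only the first two chained entries still returns -1, because a chain on its own cannot detect truncation at the tail. That is exactly why the latest tag, or the whole stream, must also be forwarded to the remote log server as it is produced, where compare_copies shows what has gone missing from the local copy; and it is why the key must not live on the monitored host.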

Logging and auditing work together to ensure users are only performing the activities they are authorised to perform, and they play a key role in preventing, as well as in spotting, tracking and stopping unwanted or inappropriate activities.


Health Care IT Innovation: The Best is Yet to Come

"It's just a painful business to be in. I think the regulatory burden in the United States is so high that it would dissuade a lot of entrepreneurs."

Indeed, Google co-founder Sergey Brin, speaking at a venture capital conference last summer, hints at the sentiment shared by many — that the intense regulation surrounding the health care industry has the potential to stifle innovation, particularly from a health care information technology perspective.

On the contrary, regulatory policy can actually help spur innovation — regulation and innovation can and do coexist. For the last several years, HIT adoption in the United States has been driven by regulation — the meaningful use incentives. At the same time, the industry has experienced unprecedented growth in HIT innovation.

An Era of Accelerated Innovation

While the pace of meaningful use needs to be moderated, and many of the electronic health record requirements seem to verge on micromanagement, there's no denying that the significant expansion of the industry's HIT foundation — EHRs, analytics, electronic prescribing and health information exchange — can be attributed to the 2009 HIT legislation known as the HITECH Act. Consider the following:

  • Hospital adoption of EHR systems has increased more than fivefold since 2008.
  • In 2013, nearly 78 percent of office-based physicians had adopted some type of EHR system. About half of all physicians (48 percent) adopted a basic EHR system with select features in 2013, more than doubling the basic system adoption rate in 2009.
  • Electronic health information exchange among hospital and outside providers grew 51 percent from 2008 to 2013.
  • Experts predict that advanced health data analytics will continue to grow significantly, from a 10 percent adoption rate in 2011 to 50 percent by 2016.
  • Seventy percent of providers nationwide are now using electronic prescribing through their EHRs, a tenfold increase since 2008.

This level of IT use creates a context that accelerates innovation. Innovation occurs within EHR and health information exchange products, for example, and the adoption levels provide a sizable IT foundation upon which other innovations can take place. For instance, with a large base of EHRs, the innovation of personal health records can be accelerated.

A Societal Shift

The meaningful use program is not the only factor providing a supportive context for HIT innovation.

Health provider leaders have become progressively aware of the need for substantial investments in HIT if their organizations are to address the challenges presented by material changes in payment strategies and tactics. Moreover, these leaders are part of a generation that grew up with computers — they played Pong, wrote high school papers on personal computers and saw the introduction of minicomputers enabling departmental systems. This generation is more comfortable with HIT than its predecessors.
 
But, perhaps the most important factor influencing HIT innovation is the relentless IT product, service and business-model innovation we experience in all facets of life.

Our world has been transformed fundamentally by the influx of digital devices into our daily lives. Technology has democratized and consumerized nearly every major industry, from retail to banking to air (and even city) travel, within the past few decades.

Want to avoid the hassle of hailing a taxi and instead sip a latte while you track your driver's whereabouts on your phone? Simple: Download the Uber app.

Although there's nothing particularly novel about consumer preference toward a shiny black car over a yellow cab — or the use of GPS to track a vehicle's location, paying for a service directly on your phone (tip included), or providing instant feedback on said service — Uber's founders creatively combined these features to the delight of its customers. With a throng of early adopters in tow, Uber drove full steam ahead into another heavily regulated industry, disrupting entrenched incumbents and mature supply chains in major cities across the country and around the world.

And while Uber's success has also come with its share of challenges and growing pains — including court battles with regulators and city councils, PR crises, lawsuits and international bans — we are wise to remember that some battles are worth fighting, especially when the potential exists to enable dramatic improvements in service quality.

Uber is one of many examples of information technology permeating our lives, and is a terrific example of IT innovation. This extraordinary overall IT innovation phenomenon has strengthened the innovation context in health care. Not only can we import these advances into health care, but we also have a deeper understanding of IT's potential.

Playing to Win

The collective impact of federal actions, IT-savvy leadership and the dynamic IT marketplace has led to a significant increase in the level of HIT innovation. A scan of the current landscape shows that HIT innovation is coming primarily from five main sources:

HIT startups/entrepreneurs. According to StartUp Health, slightly more than a billion dollars was invested in HIT startups in 2010. By 2013, investments rose to $2.9 billion via 590 deals. And in 2014, approximately $6.5 billion went into HIT startups, more than doubling the 2013 funding. Furthermore, top incubators such as Rock Health, Dreamit Ventures and Blueprint Health are funding and supporting anywhere from 50 to 100-plus startups at any given time.

Traditional HIT companies. From a traditional HIT company's standpoint, patents are often a telling metric for innovation. In the last five years, Siemens, Microsoft, Cerner, McKesson, Optum, Epic and Allscripts have been responsible for a combined total of 526 patents granted in HIT. Prior to 2009, the combined total of the same group of vendors stood at 150.

Additionally, today we see more and more HIT vendors opening up their software for innovation by others. Cerner, Allscripts and Athenahealth have opened up their platforms, enabling third-party developers to integrate their technology with the EHR vendor platform.

Athenahealth aims to further encourage entrepreneurship through its HIT accelerator program. Complementing its own development efforts with a network collaboration approach, the company actively recruits and fosters startups to expand its range of services for physicians.

New and interesting collaborations among the leading HIT vendors and forward-thinking providers are also yielding impressive early results. For example, the Healthcare Services Platform Consortium has its eye on advanced interoperability as well as sharing more complex processes, such as clinical workflows and clinical decision support logic among different EHR vendors' platforms. The group's work thus far is both impressive and tangible.

Traditional IT companies. They've become global household names to just about everyone from grade-schoolers to senior citizens, and they recently have set their sights on health care. Companies such as Apple, Google and Facebook are poised to grab significant health care market share as the industry continues to digitize and shift more power into the hands of health care consumers.

For example, Apple's HealthKit platform debuted with its iOS 8 release and offers the ability to track and share a vast array of health, fitness and medical data points through multiple apps and devices, essentially turning your iPhone into both a fitness/wellness tool and a personal health care assistant complete with a medical ID feature.

Samsung, which rivals Apple in the smartphone market, continues to tweak its Simband health tracker, which uses a variety of sensors to measure biometric data such as blood flow, EKG readings and skin temperature.

Not to be outdone, Google unveiled its wearable technology platform known as Google Fit last year. The company's health care strategy also includes smart contact lenses that monitor bodily functions such as blood sugar levels detected in human tears by minuscule sensors. Less invasive than the traditional finger stick method, Google's approach may resonate well with the millions of diabetes sufferers.

Joining its Silicon Valley neighbors Apple and Google, Facebook also appears to "like" the health care space. Although Facebook's intentions are less well-defined, app and content development, as well as online support communities, would be a natural fit for the social networking giant.

Whether or not these Silicon Valley giants' efforts take hold in health care, their presence in the market should make the established players — traditional HIT vendors, payers and providers alike — step up our collective innovation games in patient engagement, usability and design of systems, and in delivering a more personalized health care experience.

Medical informatics/academia. Organizations like the American Medical Informatics Association and its members fuel the science of informatics, which, in turn, drives innovation. Naturally, there are reasonable connections between the vendor community and the medical informatics community.

For example, AMIA corporate members include many of the large HIT vendors and traditional IT vendors such as Oracle and IBM. Likewise, many AMIA members are employed within the vendor community. In fact, approximately 13 percent of AMIA's members work in industry.

Also demonstrating academia's ties to innovation, of those startups funded from November 2013 through November 2014, 20 percent include a co-founder who is an academic or licensed from an academic institution.

Adjacent players (e.g., drug stores, payers, life sciences). Large retail pharmacy chains like Walgreens and CVS have been taking dramatic steps to expand their business models and services, emphasizing tools and partnerships to improve care coordination and help consumers to manage chronic diseases better.

While CVS has gone as far as opening a technology development center that will focus on building customer-centric experiences in health care, Walgreens is actively pursuing its telemedicine strategy.

Payers also are busy making moves in the HIT space. For example, focusing on the consumer, Cigna now offers a digital coaching program and ecosystem of mobile tools, social media engagement, gamification and Web-based incentives to help its members meet their health goals.

UnitedHealth Group's Optum unit is seeing good traction among providers using its cloud-based population health analytics capabilities and decision-support solutions. And for its part, Aetna invests in acquiring or building a variety of solutions so that accountable care organizations can deliver more efficient patient care and better outcomes.

Pharmaceutical and life sciences companies such as Pfizer and Merck also are responding to the digital enablement of health care through investments in new technologies and partnerships that help to identify the right treatment for the right patient at the right time.

Living in Harmony

In our ongoing quest to improve care quality and reduce its cost, innovation has long been the hallmark of American health care. With new challenges mounting as we move from a volume-based to a value-based system and progress further into meaningful use requirements, we must make certain that innovation continues to be the driving force behind our nation's health care system — and that we strike the right balance among product, process and business-model innovation.

Growth in IT innovation from both established health care players and new entrants is welcome and important. However, it will place additional stress on providers. Which innovations are mature and potent? How does the organization adopt and use these new technologies well? How is my vendor handling this? And so on.

Stress of this nature adds to the stress of delivering superior patient care while responding to payment pressures, new regulations and IT demands such as ICD-10 and further meaningful use stages. While deciding which HIT innovations are sufficiently potent and mature to adopt at scale is difficult, there is no doubt that these innovations will accelerate our collective efforts toward improving how care is delivered and managed.


ProModel Analytics Solutions's curator insight, February 18, 2015 12:45 PM

Level of IT use creates a context that accelerates innovation.