Organizations in the health industry (including hospitals, medical centres, pharmaceutical companies, biotechnology companies, medical device and equipment manufacturers and health insurance providers) are faced with a growing number of threats such as ransomware attacks and HIPAA violations. The healthcare sector is faced with a difficult paradox: the number of threats are rising, IT environments are getting more complex, yet there remains a lack of funding to address these challenges. The need to find solutions that automate security and compliance problems while being able to justify ROI is greater now than ever before. LepideAuditor helps to address the common issues seen in the healthcare sector, in a way healthcare organizations can easily deploy and actually afford.
HIPAA Compliance is a key driver for our healthcare customers in the United States. The main challenges we see with regards to HIPAA compliance revolve around inappropriate access to protected health information, vulnerable patient information and a lack of appropriate mechanisms in place for detecting threats. LepideAuditor contains pre-set reports mapped for HIPAA Compliance specifically that offer instant answers to compliance queries. It includes “who’s been added to a security group”, “which user account has expired”, “who attempted to change or reset the password”, “who changed permission of a file and folder”, “who’s logged or changed the out of hours settings in Active Directory”, and many more.
Imagine a user creates some sensitive financial or patient information then saves it to a file share, it’s then copied, renamed and then the permissions are changed. Before you know it, the data is practically public. This scenario is all too common and, unless you’ve got the right auditing tools, are practically impossible to spot. To help with this LepideAuditor keeps a complete audit trail of all interactions with files and folders. Threshold alerts can be created to alert you when files or folders are accessed, copied, modified, renamed or deleted and more.
Almost every organization in the healthcare industry uses third-party software applications for daily activities; all of which store health information in any available database systems, particularly SQL Server. Large amounts of patient and customer data is being stored in Windows File Servers, NetApp Filers, SharePoint Server, SharePoint Online (Office 365), OneDrive for Business and Dropbox. Exchange Server and Exchange Online (Office 365), also act as the backbone of communications in most healthcare organizations across the world. LepideAuditor continuously monitors and records all configuration changes made to these platforms as well as to Windows Active Directory, Azure AD and Group Policies. All permission changes across these platforms are also tracked and reported.
Keeping your Active Directory clean is critical, especially in the healthcare sector where there is often a high volume of user accounts. Ensuring that you are only granting access to those that need it, when they need it, is essential. To help prevent the potential abuse of such accounts, and maintain HIPPA or PCI compliance, LepideAuditor offers a simple means of checking your Active Directory for inactive users and allows you to delete, rename or disable inactive user accounts automatically.
Health, financial and personal data of both patients and customers is stored in files are folders on the File Server. One of the key pillars of any information security strategy is ensuring appropriate access rights to files and folders containing such crucial data. To enforce such policy, there are a few things you first need to know; such as who accesses the data stored in these files and folders, when and from where. LepideAuditor offers the ability to create reports showing file access trends to help identify stale or unused data. It also allows you to take a file share and create a dynamic report showing exactly who can access the data and which permissions were granted. Historical permission analysis, along with permission comparison reports, allow users to check how frequently the permissions have been changed. LepideAuditor also monitors permission changes across multiple components and lets you maintain a least privilege policy by easily restoring unwanted permission changes. For further control, you can also track changes in group memberships and see the list of users with administrative privilege at any given point in time. It allows IT team the insight they need to enforce a principle of least privilege to secure confidential healthcare data and prevent permission sprawl.
More and more or the attacks we have seen within the healthcare sector involve compromised user accounts being used to gain access to patient records. Users with elevated privileged are the most valuable and targeted accounts for hackers, so they need to be observed. More specifically we have seen many instances of third parties, contractors and collaboration partners with privileged access being compromised; leaving healthcare organisations wide open for attack. LepideAuditor ensures you have an audit trail of every change or action made by your privileged user accounts to give you that peace of mind they aren’t compromised or being abused. You can also get real-time alerts (with threshold limit also) when an abnormal number of potentially critical changes or events take place with a specific user account.
The ability to be able to spot anomalous logon and logoff activity is essential when trying to detect security threats. LepideAuditor provides you with threshold alerts to ensure you get complete visibility over logon and logoff activity trends so that you can spot issues before they become a problem. We also provide a search and interrogation feature that enables you to dig deep into the specific actions and activities of user accounts in Active Directory to ensure you know every action taken of a specific user.
Ransomware attacks are prevalent in healthcare organizations all over the world, with the NHS in the UK being hit particularly hard over recent years. While LepideAuditor can’t prevent the initial attack, many of our healthcare clients were able to identify the symptoms and automate their response to the spread. Using LepideAuditor, you can identify specific trends around file access attempts, file or folder modifications and then automate the execution of a user defined script. In some instances, our healthcare clients used LepideAuditor to stop services, activate a firewall setting or even shut down the server.
Lepide® is a registered trademark of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All trademarks acknowledged.