Privileged User Monitoring: 3 Ways to Prevent Privileged User Abuse in Healthcare



Your healthcare privacy program can be complicated. It may contain thousands of users, multiple admins, community portals, customized data structures – the list goes on. And to prevent data breaches, it’s not enough to build high security walls when insider threats with privileged access run rampant. So, where do you start with privileged user monitoring? Below are three security considerations that can help prevent privileged user abuse in healthcare.

1. Apply the principle of least privilege

As part of your privileged user monitoring program, users should be given only the permissions necessary to perform their job role. A Ponemon Institute study found that 54% of organizations lack the ability to effectively monitor privileged access in spite of the clear risk of insider threats. And according to CyberArk’s Global Advanced Threat Landscape Report, 42% of security experts worldwide said that the most significant cyber threat is unsecured privileged accounts.

An Oklahoma hospital faced a $150,000 lawsuit last year when a food service worker accessed the PHI of an adopted child who had died in a tragic accident. The food service worker – who had no business purpose for accessing PHI – ultimately called the birth mother, who in turn harassed the deceased patient’s adoptive family. Had the hospital applied the principle of least privilege, the worker would never have been able to access the young patient’s records in the first place. But there is a silver lining – organizations can customize privileges so protected health data is accessible only by those on a “need to know” basis. Doing so can save information from being siphoned out by unauthorized users, protecting patients, their families, and the healthcare organization at large.

2. Implement a user activity monitoring program

Healthcare systems both large and small can have thousands of users. With such a high volume of activity comes the risk of privileged user abuse going unnoticed. As HIPAA breaches become a fact of life in the healthcare industry, implementing a user activity monitoring program is essential for detecting unauthorized user access and anomalous behavior.

It’s important to understand how users are accessing PHI. Why? Perhaps a user is accessing patient data from a restricted location, an unknown IP address, or after hours. To deter such unwanted behavior, you can set up rules to prevent privileged user abuse and alert you when users are logging in from unsupported devices, from an unusual location, or accessing an unusually high volume of records.
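The rules described above (after-hours access, unknown IP addresses, unusually high record volume) can be expressed as simple checks over an access audit log. The sketch below is an added example, not code from the original article or from any product; the log format, network range, working hours, and volume threshold are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed policy values (illustrative; tune to your environment)
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # internal network
WORK_HOURS = range(7, 19)                               # 07:00-18:59 local
MAX_PATIENTS_PER_DAY = 3                                # distinct records per user per day

# Constructed sample audit events: timestamp,user,source IP,patient id
SAMPLE_LOG = """\
2024-03-04T09:12:00,nurse_a,10.20.4.17,P001
2024-03-04T09:40:00,nurse_a,10.20.4.17,P002
2024-03-04T23:05:00,admin_b,10.20.9.3,P003
2024-03-04T10:01:00,clerk_c,203.0.113.50,P004
2024-03-04T11:00:00,admin_d,10.20.1.8,P010
2024-03-04T11:02:00,admin_d,10.20.1.8,P011
2024-03-04T11:03:00,admin_d,10.20.1.8,P012
2024-03-04T11:04:00,admin_d,10.20.1.8,P013
"""

def parse(log_text):
    """Yield (timestamp, user, ip, patient_id) for each audit line."""
    for line in log_text.strip().splitlines():
        ts, user, ip, patient = line.split(",")
        yield datetime.fromisoformat(ts), user, ipaddress.ip_address(ip), patient

def detect(log_text):
    """Return a sorted list of (user, rule) alerts for the three rules."""
    alerts = set()
    seen = defaultdict(set)  # (user, date) -> distinct patient ids viewed
    for ts, user, ip, patient in parse(log_text):
        if ts.hour not in WORK_HOURS:
            alerts.add((user, "after_hours"))
        if not any(ip in net for net in ALLOWED_NETS):
            alerts.add((user, "unknown_ip"))
        seen[(user, ts.date())].add(patient)
        if len(seen[(user, ts.date())]) > MAX_PATIENTS_PER_DAY:
            alerts.add((user, "high_volume"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, rule in detect(SAMPLE_LOG):
        print(f"ALERT {rule}: {user}")
```

Fixed thresholds like these produce false positives for night-shift staff and high-throughput roles, so in practice the limits are usually set per role or derived from each user's own baseline.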

3. Eliminate insider threats

According to the Verizon Insider Threat Report, 46% of healthcare organizations were affected by insider threats – the only industry where insiders were responsible for a higher number of breaches than outside attacks. Because of the access privileges that insiders have, they’re often even more dangerous than outside actors. But how can you identify the types of behavior that reveal internal risks from negligent and malicious insiders?

To stop insider threats from privileged users in their tracks, have a patient privacy monitoring program in place to automatically spot trends and deviations in behavior, such as inappropriate access, a high volume of record views, and signs that an employee is about to quit and steal sensitive information. Identifying these behaviors and taking appropriate action early on can prevent cases like these from causing a potentially catastrophic breach.

By applying the principle of least privilege, monitoring privileged users, and mitigating insider threats, you’ll be better equipped to prevent potential healthcare breaches from happening. In addition, these steps help to automate your compliance process and hold your users accountable for their activity. In return, the confidential patient information in your EHR will be more secure.