Behavioral Analytics' Role in Health Data Security
CynergisTek CEO Mac McMillan on Why More Organizations Are Considering UEBA
Healthcare entities are increasingly considering user and entity behavioral analytics tools because their previous breach prevention and detection efforts have fallen short, says security expert Mac McMillan.
While UEBA "is probably still in the category of things the healthcare sector needs to catch up with ... more and more health systems are looking at these tools because they are very frustrated with the old compliance-based solutions that don't provide them with the flexibility and accuracy they need," says McMillan, CEO of the security consultancy CynergisTek.
Many organizations are frustrated with the false positives older systems provided, he says in an interview with Information Security Media Group. Those false positives "caused them to waste a lot of valuable time in chasing things down that they shouldn't have had to chase."
New behavioral analytics tools are more dynamic and allow organizations to address privacy and medical identity theft issues, he says. Plus, some organizations are even evaluating capabilities for tracking the opioid drug abuse issue.
"There are just so many more things you can do with a behavioral analytics tool that a lot of health systems are beginning to say, 'I really want to understand my data ... what my users are doing ... and I want to know that the information that I'm looking at is analyzed to a point that I'm pretty confident that what I'm looking at is accurate,'" McMillan says. "'And I want to do more than just track simple compliance or simple privacy issues.'"
In the interview, McMillan also discusses:
- How UEBA tools can work in healthcare settings for identifying anomalous and potentially risky user behavior;
- The pros and cons of deploying UEBA tools;
- Tips for effective UEBA implementation.
McMillan is co-founder and CEO of CynergisTek Inc., an Austin, Texas-based firm specializing in information security and regulatory compliance in healthcare, financial services and other industries. He has more than 30 years of security and risk management experience, including 20 years at the Department of Defense, most recently at the Defense Threat Reduction Agency. He is also former chair of the Healthcare Information and Management Systems Society's privacy and security task force.