Healthcare Security Deployment Guide – Configure the Module
LogRhythm requires that you configure some objects included in the Healthcare Security Compliance Automation Suite. This section describes the steps you must perform.
Intelligent Indexing
Intelligent Indexing allows Reports, Investigations, and Tails to keep the appropriate log data online in the Log Manager/Data Processor. Take care when choosing which objects to enable for Intelligent Indexing, because broad criteria can keep an exceptional amount of data online and overwhelm the Log Manager/Data Processor. For a list of Intelligent Indexing-capable objects and their recommended settings, see the matrices available from the home page of this module.
Establish Entity Structure
HIPAA, HITECH, and Promoting Interoperability all require the organization to determine in-scope systems and components that facilitate compliance reporting. Performing a Risk Assessment for these healthcare frameworks is a requirement under Title 45 Code of Federal Regulations. According to the audit scope, LogRhythm can apply the categorization within the Entity Structure to identify in-scope environments and components. Organizations should leverage any IT asset listing, system inventory, or risk assessment to assign categorization accordingly.
The following are the existing components of the Entity Structure:
- Parent Entity Structure should reflect the locations for in-scope components. Access provisioning and restrictions can be applied by Entity structure. Geographically based Entity structures are recommended for most environments. For each respective location, infrastructure designated to the compliance scope can be split out into an isolated Entity. Here is an example:
  - Location 1
  - Location 1 – HIPAA/HITECH/PI
  - Location 2
  - Location 2 – HIPAA/HITECH/PI
  - Datacenter
  - Datacenter – HIPAA/HITECH/PI
- Child Entity Structure should reflect the classification of in-scope environments/servers:
Child Entity Name | Description | Restricted Access |
---|---|---|
Physical Access Systems | Inclusive of any server or system that manages or contains logging for any physical access application or database. | Yes, limit to authorized users. |
Data Storage Systems | This includes servers and storage volumes containing ePHI, sensitive data or configured for FIM. | Yes, limit to privileged users in the LogRhythm environment. |
Network Devices | Devices including firewalls, switches, routers, load balancers and other networking log sources fall under this category. | Yes, limit to privileged users in the LogRhythm environment. |
Workstations | All workstations associated with ePHI data and access should be categorized under this structure. | Yes, limit to authorized users. |
Production Servers | Production servers that are not associated with data storage volumes qualify for this structure. | Yes, limit to privileged users in the LogRhythm environment. |
Remote Access Systems | Any system that provides remote access falls under this category. | Yes, limit to authorized users. |
Security Systems | Systems that perform intrusion detection, prevention, malware protection and audit support are categorized here. | Yes, limit to privileged users in the LogRhythm environment. |
Test Systems | Preparation and test servers, firewalls and other hosts belong under this structure. Test systems will not necessarily contain any ePHI. | Yes, limit to authorized users. |
- Log into the Client Console using administrator credentials.
- On the main toolbar, click Deployment Manager.
- Click the Entities tab.
- Right-click the Global Entity node, and then click New Root Entity or New Child Entity.
  The Entity Properties dialog box appears.
- Specify the properties for the new Entity, and then click OK.
Population of Lists
The Healthcare Security Compliance List must be populated with the data you collected before installing the module. Complete the following sections to populate all required lists.
Populate Entity Lists
- Open the LogRhythm Console and click List Manager.
- Right-click the name of a Healthcare Security Compliance Automation Log Source List, and then click Properties.
- Click the List Items tab.
- To view the log sources selector, click Add Item.
- Search for and select all Entities that you want, and then click OK.
- To save the list, click OK.
- Repeat this process (steps 1-5) for all Healthcare Security Compliance Automation Entity Lists from your checklist.
Populate Log Source Lists
- Open the LogRhythm Console and click List Manager.
- Right-click the name of a Healthcare Security Compliance Automation Log Source List, and then click Properties.
- To view the log sources selector, click Add Item.
- Search for and select all log sources that you want, and then click OK.
- To save the list, click OK.
- Repeat this process (steps 1-5) for all Healthcare Security Compliance Automation Log Source Lists from your checklist.
Populate Users Lists
- Open the LogRhythm Console and click List Manager.
- Right-click the name for a SOX Users List, and then click Properties.
- Select the Username for the Item Type.
- Type in the username in the Add Item field.
- Click Add Item to add the username.
- Repeat steps 4-5 for all usernames.
- To save the list, click OK.
- Repeat this process (steps 1-7) for all Healthcare Security Compliance Automation Users Lists.
Activate and Configure AIE Rules
All AIE Rules included in the Healthcare Security Compliance Automation Suite are disabled by default.
- Open the LogRhythm Console and click Deployment Manager.
- Click the AI Engine tab.
- Select all the Healthcare Security Compliance Automation AIE rules.
- Right-click the AI Engine Rule Manager, click Actions, and then click Enable.
All alarming AIE Rules included in the SOX Compliance Automation Suite have alarming disabled by default.
- Open the LogRhythm Console and click Deployment Manager.
- Click the AI Engine tab.
- Select all the Healthcare Security Compliance Automation AIE rules that are configured to alarm.
- Right-click the AI Engine Rule Manager, click Actions, click Batch Enable Alarms, and then click Enable Alarms.
All alarming AIE Rules included in the SOX Compliance Automation Suite must be configured for notifications.
- Open the LogRhythm Console and click Deployment Manager.
- Click the AI Engine tab.
- Select each of the Healthcare Security Compliance Automation AIE rules that are configured to alarm and notify.
- Right-click the AI Engine Rule Manager, click Actions, and then click Batch Notification Editor.
- Select all the roles, individuals, or groups to be notified, and then click OK to save the notifications.
- Repeat Steps 2-5 for all alarming SOX AIE Rules that share notification personnel.
- On the top of the AI Engine Rule Manager, click Restart AIE Engine Servers.