Investigations can further assist in gathering vital information about security events, facilitate audit requests, and provide basic information about an environment and the processes and activities within it. Healthcare Security Compliance Automation Suite investigations can augment a change control process in identifying configuration changes and trying to understand the nature of them to determine whether they align with change procedures, along with their implications for healthcare compliance. Investigations can also be run to support user access management (provisioning/de-provisioning/termination), privilege user activity, vendor account management, on-boarding of new user access, and other activities. User lists within LogRhythm can align with existing user access provisioning within the company and can be updated at the completion of periodic HIPAA, HITECH, and Promoting Interoperability access reviews.
The HSS: Vulnerabilities Detected Inv and other investigations related to potential malicious activity cover all log sources in your environment, but specifically require logs from network security systems such as anti- malware systems, security enforcing devices, and vulnerability detection systems. After they are configured correctly, investigations allow IT and security operations to not only deep dive into potential security events, but also to learn more about and continuously improve your overall compliance and cyber security program.
Further, with an emphasis on managing third-party access within your environment, business associate related investigations are applied against all log sources across the environment that administer access to these accounts. The business associate account investigations look to deep dive into authentication and access activities within the environment to augment related healthcare compliance control objectives. Similarly, there is an investigation dedicated to the evaluation of Eligible Professional activity.
Since the Healthcare Security Compliance Automation Suite is configured to work in tandem with the Threat Intelligence Service, there are also investigations purposed for Threat IP analysis pertaining to the ePHI scope. Without the Threat Intelligence Service being installed and implemented, Threat IP investigations will not return any search results.
Knowledge Base Content
HSS: Attacks Detected Inv
HSS: Malware Detected Inv
HSS: Vulnerabilities Detected Inv
HSS: Eligible Professional Activity Inv
HSS: Covered Entity Acct Auth Failure Inv
HSS: Covered Entity Acct Auth Success Inv
HSS: Covered Entity Acct Access Failure Inv
HSS: Covered Entity Acct Access Success Inv
HSS: Covered Entity Acct Disabled/Enabled Inv
HSS: ePHI Threat IP Activity Inv
HSS: Unapproved ePHI Account Access Inv
Investigations are used to pull additional details from log sources related to events of interest. The Healthcare Security Compliance Automation Suite investigations can be used to monitor potential malicious activity to assist in reducing the mean time to detection and learn about vulnerabilities or exposure points within the environment. IT Security Operations and Management should look to leverage these investigations as a learning mechanism and a means to gather vulnerability data in order to implement controls to reduce the risk exposure.
On the business associate side, IT Security Operations and Management should use these investigations to deep dive into vendor account activity within the environment to better understand ‘normal’ third-party activities and identify when these accounts go beyond their scope of operations within your environment. This nature of investigation can also be used in access management to validate access within the environment against periodic reviews of third-party business associate accounts.