Privacy Operations Center
Caleb Barlow
CEO | Board Member | Investor | Innovator | Incident Responder | Team Builder | Mentor | CISO
"POC" - the next frontier of innovation
Over the last few years I have built next-generation Security Operations Centers (SOCs) that focused on collaboration between operators, immersive cyber ranges that could teach executives how to think during a crisis, and even put a watch floor on the back of a semi-truck in an effort to inspire a new generation to pursue careers in information security. Each of these innovations ultimately focused on breaking through existing paradigms of how we approach and respond to security incidents. We are starting a new journey today – scaling up what we call a Privacy Operations Center.
We are focused on a tough challenge – protecting healthcare records and the private information held within them. Our healthcare records contain everything from social security numbers and credit card data to your psychological records and genomic data. Not only are healthcare records a target for organized crime and nation-state actors, but they are also a source of curiosity for those who work in the healthcare industry. Verizon reports that 59% of threat actors in healthcare are actually coming from the inside, and this can be everything from a credential loss to a curious employee who wants to check out the psychological profile of their neighbor or a celebrity by reading their medical record.
The industry’s approach to this problem is not working. At this stage, nearly 1 in 8 Americans has had their healthcare record stolen and we need an entirely new approach. Our idea is to build a watch floor focused not on monitoring for indicators of security compromise, but rather to focus on indicators of privacy compromise. We took many of the tools and techniques you would see in a SOC and applied them to privacy – event correlation, artificial intelligence, user behavior analytics and the breed of on-mission investigators you would find making up a HUNT team. Rather than asking “what is this malware and why is it on a system” we are asking “why is this patient record being accessed and is that access legitimate?” Why is a pediatrician accessing the patient record of an adult? Why is a healthcare worker looking up the medications of their neighbor that lives four doors down? Why is this controlled substance being prescribed to a patient with no record of a visit?
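The three questions above can be written as rules over record-access events. The sketch below is an added example, not code from the author or the service described; the data, field names, thresholds and indicator names are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Person:                     # hypothetical record shape for staff and patients
    id: str
    street: str
    house_no: int
    birth_year: int = 0           # used for patients
    specialty: str = ""           # used for staff

# Constructed sample data, not taken from any real system.
STAFF = {
    "u1": Person("u1", "Elm St", 12, specialty="pediatrics"),
    "u2": Person("u2", "Oak Ave", 40, specialty="nursing"),
    "u3": Person("u3", "Pine Rd", 7, specialty="internal medicine"),
}
PATIENTS = {
    "p1": Person("p1", "Main St", 3, birth_year=1961),
    "p2": Person("p2", "Oak Ave", 48, birth_year=1985),
    "p3": Person("p3", "Birch Ln", 9, birth_year=1990),
    "p4": Person("p4", "Lake Dr", 5, birth_year=2015),
}
VISITED = {"p1", "p4"}            # patients with at least one visit on file
EVENTS = [                        # (user, patient, action, detail)
    ("u1", "p4", "view", ""),                  # pediatrician, child patient: clean
    ("u1", "p1", "view", ""),                  # pediatrician opening an adult's chart
    ("u2", "p2", "view_medications", ""),      # patient lives four doors down
    ("u3", "p3", "prescribe", "schedule_II"),  # controlled substance, no visit
    ("u3", "p1", "prescribe", "schedule_II"),  # controlled substance, visit on file
]

def indicators(event, today=date(2024, 1, 1), adult_age=18, max_house_gap=8):
    """Return the privacy-compromise indicators raised by one access event."""
    user, patient, action, detail = event
    staff, pat = STAFF[user], PATIENTS[patient]
    hits = []
    if staff.specialty == "pediatrics" and today.year - pat.birth_year >= adult_age:
        hits.append("pediatrician_adult_record")
    # Assumption: same street, house numbers within 8 (about four doors on one side).
    if staff.street == pat.street and abs(staff.house_no - pat.house_no) <= max_house_gap:
        hits.append("neighbor_lookup")
    if action == "prescribe" and detail.startswith("schedule_") and patient not in VISITED:
        hits.append("controlled_rx_no_visit")
    return hits

def triage(events):
    """Map event index to indicators, keeping only events that raised any."""
    return {i: h for i, e in enumerate(events) if (h := indicators(e))}

if __name__ == "__main__":
    for i, hits in triage(EVENTS).items():
        print(EVENTS[i], "->", hits)
```

Each indicator is a lead for an investigator to confirm or dismiss, not a verdict; the age cutoff and house-number gap are tuning parameters.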
Our pilot with this new approach has moved quickly and every day we are learning new techniques that have real results. We moved from processing dated reports to live connections that can work in near real time. We have rooted out false positives into the single digits and we can find the security breaches that bypass the SOC. It turns out that hackers don’t act like clinicians. They don’t typically write patient notes, prescribe medication or access records in a predictable pattern. The unusual behavior of an attacker shoots up like a bright red flare, allowing us to take action on the attack that bypassed the security team.
We are early in this journey, but we think we are onto something with the concept of a Privacy Operations Center. As privacy regulations roll out across the industry, we think medical records are a great place to start and learn, but by no means are they the end of the opportunity. We are not alone in this thinking and today, one of the largest health systems in the US agreed to roll out our service across their system.
I think we have all known that privacy does not exist without security ... but just maybe ... by approaching the privacy problem in a new way we can actually fix the security problem.
What do you think? Learn more in the press release below and drop me a comment with your thoughts here on LinkedIn.
Innovative and Trusted Cybersecurity Leader. Technology Board Member. Community Volunteer. Eternally curious.
5 years ago
Intriguing idea. Are there any concerns about managing a distinct OC for privacy vs. security that it may create an organizational silo? How do you see SOCs and POCs interacting? I think one of the biggest problems we face in security is balancing specialization and segregation with business integration. Also, are you pairing the POC with privacy-by-design and secure engineering practices to help app teams build more privacy-aware solutions? I'm interested to see how this evolves - thanks for sharing your journey.