SOC-as-a-Service Brings Key Advantages for HIPAA Compliance

June 4, 2019 Arctic Wolf Networks

A data breach can devastate any business, but healthcare organizations are especially vulnerable. According to the annual IBM Cost of Data Breach studies by the Ponemon Institute, healthcare has the highest data breach cost per record of any industry. The main reason? Regulatory fines.

HIPAA noncompliance is a costly mistake. In 2018, the HHS Office of Civil Rights (OCR) set an all-time record for HIPAA enforcement, meting out $28.7 million in fines. OCR’s $16 million settlement with Anthem was also the highest ever, a nearly threefold increase from a previous $5.5 million record.

Smaller healthcare organizations are not immune to HIPAA fines, as we’ve seen in cases such as the Center for Children’s Digestive Health. For these smaller hospitals and practices, the losses are even more overwhelming.

The Costly Consequences of Data Breaches

In addition to fines for HIPAA noncompliance, other direct and indirect costs of data breaches to healthcare organizations include:

Class-action lawsuits: In March, a class-action lawsuit was filed against the University of Connecticut Health Center, after a data breach was discovered last December. It’s just the latest in a series of civil litigations resulting from compromised ePHI.

Reputational damage: In a consumer-driven healthcare economy, you can’t afford to see your name in OCR’s Breach Portal. Savvy consumers may use this “wall of shame” to weigh their decisions about provider choices.

Add it all up and it’s easy to see why pressures mount on hospital IT staff, ill-equipped to deal with these threats.

Improve Security Posture with SOC-as-a-Service

To avoid the high-cost consequences of data breaches, healthcare organizations need a security operations center (SOC) for advanced threat detection and response. Compared with the resources and budget required to build and maintain an in-house SOC, a SOC-as-a-service is more scalable and cost-effective. It also provides:

  • Expert 24/7 monitoring and a dedicated security team
  • Actionable threat intelligence
  • Ongoing vulnerability scans and risk assessments
  • Compliance monitoring and reporting

Streamlined Auditing Requirements

As part of HIPAA compliance, you must regularly monitor access to and interaction with ePHI. Simply logging activity is not enough; you need to examine the logs.

A SOC-as-a-service solution allows healthcare organizations to:

  • Monitor user and admin access and config changes to all ePHI-related systems
  • Audit changes to Active Directory, file servers, and group policies
  • Flag unauthorized actions
  • Monitor and report user activity in Active Directory and endpoints
  • Detect anomalies

Always Be Prepared

Staying secure against today’s burgeoning cyberthreats isn’t easy, especially for organizations in industries under constant attack, such as hospitals, clinics, and healthcare practitioners. Learn more about the advantages of SOC-as-a-service: download our free white paper.

