Firewall Logging: Importance for the Healthcare Industry

    4 MIN READ

    A large number of healthcare companies are at a loss when it comes to understanding their internal security environment. While the HIPAA Security Rule provides a comprehensive legal framework for ensuring secure technical safeguards, it doesn’t give many specifics on which tools to use. We’ve already established what proper logging brings to a healthcare environment, as well as its importance. But what about the contents of those logs? Security indicators are one of the most crucial logs a system can receive. The majority of these logs and alerts come from your firewall, and firewalls are the number one security measure a healthcare company needs to have.Section 164.312(c)(1) states that the integrity of ePHI must be upheld through proper technical procedures and policies to stop this information from being altered or destroyed. This is where Firewall Logging comes in.

    Firewall HIPAA Logs – The Wall of Compliant Protection

    Patient data may seem mundane to the multitude of healthcare workers keying and plodding away records daily. But it’s important to realize that this data is coveted by unscrupulous characters lurking around the web. Stolen information can cause irreparable damage to the patients and the establishments responsible for safeguarding that data. Firewalls are just one component there to stop online intruders. Imagine a towering brick wall denying entrance to attackers in the night. In our case, this metaphoric wall is part of a computer system that denies unauthorized access from the outside and limits outward communication deemed unsafe, i.e. the ability for office computers to access unprotected websites. This system is reactive – what we also need is something proactive. Firewall logs are the sentries posted up on this proverbial wall – the loggers on the wall. They can respond to real time alerts and backtrack to see what happened. HIPAA compliance requires healthcare companies to have configured log monitoring. Our firewall logs – or rather firewall sentries, serve an important function for maintaining the integrity of ePHI. They do this by:

    • Helping to determine if an attack has taken place
    • Alerting system administrators if an attack is currently happening
    • And logging security data for required audits

    Firewall logs watch for intrusions and will relay what action the firewall took to block network attacks on either an individual computer, or an entire in-house data system. A firewall log will relay a few pieces of crucial information: incoming network traffic, a description of suspicious network activity, and the location of activity logged.Our logging platform gives these logs a foundation so that they can be used, stored and monitored to ensure ePHI safety and HIPAA compliance. We give form to the shapeless firewall data that’s usually left floating around and left inaccessible.There are a few different types of firewalls. All of them will produce logs, but it’s important to understand the distinction between them in order to build a proper foundation.

    Different Bulwarks of Safety

    For our purposes here, we’ve divided the number of firewalls into three different types of network firewalls. These include software, web applications, and hardware; all are crucial in maintaining HIPAA safety compliance. Remember that the goal of our firewall system is to stop harmful unauthorized traffic and limit dangerous exterior communication. The goal of our firewall logging is to take actionable steps to stay alert and maintain the integrity of the system and thwart any attacks. Simply having a firewall won’t cut it. Possessing an interconnected system with multiple protected funnels and monitoring means is more effective.

    Software Firewall Safeguard

    This is a type of firewall that is often overlooked because it’s usually pre-installed on a number of computers. A healthcare entity needs a firewall between the systems responsible for housing ePHI and all other connected systems. This also includes internal systems. Software firewalls protect lone computers from a few different types of threats – namely mobile devices that can be compromised. Take for example, a remote employee accessing data from home or on the go. If they’re caught in an unlucky phishing debacle, their firewall will act to protect their personal computer or device and save the integrity of any connected medical data in the process.Software firewalls are easy to maintain and allow for the remote work to take place. While they might not protect an entire system, they patch up an area liable to attack.

    Web Applications Firewall Safeguard

    Also commonly known as (WAFs), these should be placed at the frontlines of any application that needs to access the internet, which at this point is the vast majority of them. WAFs help detect, monitor and stop attacks online. A bevy of firewall logs will be sourced from here. Note that a WAF is not an all-purpose firewall; it’s main function is to block suspicious web traffic.Many databases require access to the internet. Cyber security reports can be generated through logging platforms and then acted upon. The WAF logging combination is akin to the heart rate monitor, but for online security health. If everything is going well, there won’t be any dramatic spikes. But if danger strikes, the necessary alerts and response team will be on it. There needs to be special care when setting up a WAF, since critical functions could be hampered if it’s not setup properly. But nothing beats this firewall when it comes to protected third party modules and quick logged response time.

    Hardware Firewall Safeguard

    Hardware firewalls are installed company wide throughout the entire organization's network. Internal systems are protected from the outside internet. They’re also used to create network segments inside the company that divide access to those with ePHI access from those without it. Other networks inside the company system may need fewer firewall restrictions placed on them. For example, maybe a medical device designer needs to collaborate with an outside agency of some kind. This particular job function doesn’t require ePHI access; their segmented network shouldn’t be affected, nor should they be on the same network with employees handling ePHI. A secure network will employ these different types of firewalls together ensuring a protected and HIPAA compliant healthcare company.