Data Loss Prevention Management and Control: Inside Activity Incident Monitoring, Identification, and Tracking in Healthcare Enterprise Environments

Abstract

As healthcare data are pushed online, consumers have raised big concerns on the breach of their personal information. Law and regulations have placed businesses and organizations under obligations to take actions to prevent data breach. Among various threats, insider threats have been identified as a major threat on data loss. Thus, effective mechanisms to control insider threats on data loss are urgently needed. The objective of this research is to address data loss prevention challenges in healthcare enterprise environment. First, a novel approach is provided to model internal threat, specifically inside activities. With inside activities modeling, data loss paths and threat vectors are formally described and identified. Then, threat vectors and potential data loss paths have been investigated in a healthcare enterprise environment. Threat vectors have been enumerated and data loss statistics data for some threat vectors have been collected. After that, issues on data loss prevention and inside activity incident identification, tracking, and reconstruction are discussed. Finally, evidences of inside activities are modeled as evidence trees to provide guidance for inside activity identification, tracking, and reconstruction.