Healthcare Information Security


Avoiding a Reactive Approach in Federal Health Data Security

Healthcare data security measures require a comprehensive and multi-layered approach, according to experts at Lockheed Martin.

By Elizabeth Snell

- Federal healthcare data security measures need to be comprehensive and current, ensuring that agencies such as the Centers for Medicare and Medicaid Services (CMS) and the Department of Veterans Affairs (VA) can keep sensitive data secure.

Health data security essential at the federal level

Being able to keep a proactive approach, rather than a reactive approach, is essential, according to Eric Sharpsten, CTO of Federal Health at Lockheed Martin ISGS-Civil Health & Life Sciences.

Lockheed Martin has recently started utilizing ExtraHop Networks to assist in its data analytics monitoring and ensure that data security is not compromised.

Working with agencies such as CMS and the VA, Lockheed Martin must keep key IT applications available and performing, Sharpsten explained. Moreover, end-users need timely and reliable access to their resources, with data and systems staying secure.

“One of the benefits of tools like ExtraHop is that we actually take the power and put it into the individual’s hands,” Sharpsten told HealthITSecurity. “So the database administrator, the network administrator, the Windows administrator, they can look at the data in a way that’s meaningful to them.”

READ MORE: DHS Cyber Incident Response Plan Focuses on Infrastructure Risk

Sharpsten added that being able to catch an attack in progress, and use the analytics side of an engine like ExtraHop to arrest that attack is extremely valuable.

“There’s no attacker that I know of in the world that is able to change the data on a network to hide their actions and also get their actions done,” he said.

Healthcare data security concerns are definitely something that Lockheed Martin needs to be mindful of, Sharpsten explained, as there is lots of PII inside the CMS systems.

“We’re battling the security every day,” Sharpsten stated, adding that being able to leverage the ExtraHop tools to augment data is essential. “That is managed by the CMS CISO and we utilize the tools that they ask us to put online.”

For example, Sharpsten said that they are also better able to detect attempted ransomware attacks.

READ MORE: Healthcare Information Sharing Need Stressed in Recent Hearing

“To make matters worse, attackers are constantly moving their attack vectors around the Internet making it hard for organizations to block,” he maintained. “ExtraHop has leveraged their capabilities to identify and alert to a ransomware attack in process allowing the organization to stop the attack through actions such as pulling impacted devices off line.”

Moreover, the encrypted drives can be identified for later remediation.

“Having been through one of these attacks in the past, it is very difficult to identify and recover all impacted files resulting in massive restores or continuous impacts as the team recovers files as they are identified by end users over time,” Sharpsten said. “In short, while this is not explicitly protecting the exfiltration of consumer data, it is providing a significant defense in data integrity.”

Lockheed Martin is also in the process of setting up a pilot for this capability, since it has learned of the feature.

“We keep finding new ways to leverage our investment by investing our time in new triggers. Each new function we derive improves our ability to deliver services to our federal customer improving performance and enhancing security.”

READ MORE: National Cybersecurity Strategy Suggested in New Report

Using a multi-layered approach to security

Numerous levels of security are also going to be critical when it comes to keeping networks secure, according to Sharpsten.

With the VA, Lockheed Martin is operating on isolated networks with multiple tools in play to secure those networks, he explained.

CMS has a three-level tiered architecture for its networks, and there are also extensive rules that must be followed to keep information secure. For example, access control is key, and ensures that individuals are not able to access information beyond what is necessary for their role.

“Whenever an individual, provider, or even a beneficiary comes in to access the system, they have a role that’s been established and an identity that’s been established prior to allow them to get in,” Sharpsten said. “One doctor may be able to get at certain features and functions, while an applications research analyst can get other data.”

Applying lessons from 2015 healthcare data breaches

Learning from previous healthcare data security issues is essential when it comes to preventing the same types of problems from occurring again.

Data breaches have been an issue for a long time, according to Sharpsten, and it is something to be aware of and be sensitive to it being a real problem for organizations.

Two-factor authentication, as well as multi-factor authentication, will be essential tools to help combat data security issues this year, Sharpsten predicted.

This is an especially sensitive issue when it comes to federal organizations following the OPM data breach that happened in 2015. In that incident, OPM announced over the summer that it had been the victim of a cyber attack, compromising millions of federal applicants’ personally PII, records, and other sensitive information.

Multiple lawsuits were filed against OPM, with one claiming that the agency had weak cybersecurity measures, and that it continually failed to meet Federal Information Security Management Act (FISMA) guidelines.

Multi-factor authentication was also underlined by ICIT Co-founder and Senior Fellow Parham Eftekhari in an earlier interview with

"Some of these basics are still missing," Eftekhari said. "I've been in the IT industry for about 10 years, and dual factor authentication has been talked about since day one. But people are still not doing it, and it's a simple solution to implement. Getting back to basics is important." 

Sharpsten was also very adamant that authentication measures are just one part of the larger data security puzzle.

“I know CMS is really laser focused on two-factor authentication,” he explained, adding that this will be a key thing for organizations to use toward protecting data.

Even so, Sharpsten acknowledged that multi-factor authentication by itself will not be enough to prevent all possible data breaches from taking place.

“The government is buttoning up access, and I think there’s going to be a lot of attention and money on authentication mechanisms,” he cautioned. “But it’s kind of like you’re plugging the holes in the dyke that you can see. Sometimes it’s the ones you can’t see that can pop up and bite you.” 


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...