Modeling and Detecting Anomalous Topic Access
Siddharth Gupta 1, Casey Hanson 2, Carl A Gunter 3, Mario Frank 4, David Liebovitz 4, Bradley Malin 6
1,2,3,4 Department of Computer Science; 3,5 Department of Medicine; 6 Department of Biomedical Informatics
1,2,3 University of Illinois at Urbana-Champaign; 4 University of California, Berkeley; 5 Northwestern University; 6 Vanderbilt University

Outline of the talk
- Motivation and Challenges
- Our Contributions
- Dataset Description
- Random Topic Access (RTA) Model
- Random Topic Access Detection (RTAD) Model
- Evaluation and Results

EMR Access Breach
Reported in April 2013. The University of Florida: 2 offenders illegitimately accessed the records of 15,000 patients over 3 years (March October 2012). Personal information, including names, addresses, dates of birth, medical record numbers and Social Security numbers, was compromised for the purposes of billing fraud. One of the offenders was an insider at the hospital without prior.
How can we efficiently model and detect these types of attacks in the healthcare system?

Motivation
Two broad classes of threats:
- Inside threats: behaviors of hospital users (staff) that adversely affect the healthcare institution, such as financial fraud, medical identity theft and curiosity accesses to the EMR.
- Outside threats: an outside entity hires an insider to commit fraud; a visitor accesses records on open computers in some scenarios; an untrustworthy patient seeks information about another patient's records.
Ramifications: irreversible violation of patient privacy and subsequent high cost for hospitals.
Deterrent: the current legal deterrent is a set of regulations, such as HIPAA and HITECH, which impose specific privacy rules for patients and financial penalties for violating them.

Classical Detection Methodologies
Build a classifier on labeled data to differentiate anomalous users from legitimate users. Real healthcare data is not labeled, so current methods inject synthetic anomalous users and evaluate detection on them.

Random Object Access
In healthcare information systems the primary mechanism for generating anomalous users is to associate users with random patients in the dataset. We call such a system ROA (random object access). The resulting user does not look like a plausible attacker in a real hospital setting.

Our Contributions
- Random Topic Access (RTA): we introduce and study a random topic access model, or RTA, aimed at users whose access may be illegitimate but is not fully random because it is focused on common semantic themes.
- User simulation: we use the latent topic framework to simulate illegitimate users, modeling them as samples from a Dirichlet distribution over topic multinomials.
- Anomaly detection framework: we study RTA to detect and evaluate users with suspicious access patterns.

Data Set
[Figure a) Summary statistics for audit logs; Figure b) Summary statistics for patient records]

Random Topic Access (RTA) Model
A mechanism for utilizing latent topic structures to represent the real users in the population and to allow the synthetic generation of semantically relevant anomalous users. Topic modeling provides a concise description of how a user behaves in the context of his peers and of the meaning of that behavior. Users are modeled as samples from a Dirichlet distribution over topic multinomials.

Latent Dirichlet Allocation (LDA)
[Figure: LDA maps the raw patient diagnosis features to patient diagnosis topic features]

Topic Distributions

Topic Distributions
[Figure: example diagnosis topics: Neoplasm topic, Obstetric topic, Kidney topic]

Characterizing Users

Multidimensional Scaling: Patient Diagnosis

RTA: Simulating Users
a) Directed or masquerading user (α < 1): an anomalous user of some specialty gains sole access to the terminal of another user in the hospital.
b) Purely random user (α = 1): the user is characterized by completely random behavior, with little semantic congruence to the hospital setting.
c) Indirect user (large α; α = 100 in the population distribution figure): the user type resembles an even blend of the topics of many specialized users.

Population Distribution
[Figure: simulated users for α = 0.01, α = 0.1, α = 1 and α = 100; A. directed users, B. purely random users, C. indirect users]

Role Distribution
[Figure: NMH roles (Resident, Fellow, CPOE) for real users versus anomalous users: masquerading, purely random and indirect]

Random Topic Access Detection (RTAD)
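The two mechanisms the slides describe, simulating RTA users as Dirichlet samples over topic multinomials (the directed, purely random and indirect user types) and then detecting them, as one added worked example. This is not code from the paper or its authors. It assumes five constructed latent diagnosis topics standing in for the LDA topics, hand-written per-role topic profiles in place of a fitted model, legitimate users drawn directly from their role's profile, and a Jensen-Shannon divergence from the role profile as the anomaly score; that scorer and its calibration rule are illustrative choices, not the paper's RTAD method.

```python
"""Random Topic Access (RTA) user simulation plus a peer-profile anomaly score.

Added example, not the paper's code. Assumed: five constructed topics, hand-written
role profiles, and a Jensen-Shannon divergence scorer chosen for illustration.
"""
import math
import random

TOPICS = ["neoplasm", "obstetric", "kidney", "cardiac", "trauma"]   # constructed
K = len(TOPICS)

# Constructed per-role topic profiles (what an LDA fit over the patients each
# role touches might look like). Each row is a multinomial over TOPICS.
ROLE_PROFILES = {
    "oncology":   [0.80, 0.02, 0.06, 0.07, 0.05],
    "obstetrics": [0.03, 0.85, 0.04, 0.03, 0.05],
    "nephrology": [0.05, 0.03, 0.80, 0.08, 0.04],
}


def sample_dirichlet(alpha, k, rng):
    """theta ~ Dirichlet(alpha, ..., alpha), built from normalised Gamma(alpha, 1) draws."""
    while True:
        gammas = [rng.gammavariate(alpha, 1.0) for _ in range(k)]
        total = sum(gammas)
        if total > 0:          # tiny alpha can underflow every draw to 0.0; redraw
            return [g / total for g in gammas]


def mean_max_component(alpha, rng, draws=500):
    """Average largest topic weight: near 1 for alpha<<1 (directed user),
    about 0.46 for alpha=1 (purely random), near 1/K for large alpha (indirect)."""
    return sum(max(sample_dirichlet(alpha, K, rng)) for _ in range(draws)) / draws


def simulate_accesses(theta, rng, n_access=200):
    """Each EMR access opens a patient whose topic is drawn from theta; the user's
    empirical topic histogram is the feature vector the detector sees."""
    counts = [0] * K
    for _ in range(n_access):
        counts[rng.choices(range(K), weights=theta)[0]] += 1
    return [c / n_access for c in counts]


def simulate_rta_user(alpha, rng, n_access=200):
    """RTA user: topic mixture theta ~ Dirichlet(alpha), then accesses drawn from theta."""
    theta = sample_dirichlet(alpha, K, rng)
    return theta, simulate_accesses(theta, rng, n_access)


def js_divergence(p, q):
    """Jensen-Shannon divergence in bits (0 = identical, 1 = disjoint support)."""
    m = [(a + b) / 2 for a, b in zip(p, q)]

    def kl(x, y):
        return sum(a * math.log2(a / b) for a, b in zip(x, y) if a > 0)

    return 0.5 * kl(p, m) + 0.5 * kl(q, m)


def anomaly_score(histogram, role):
    """Assumed scorer: divergence of the user's access histogram from the topic
    profile of the role the account belongs to."""
    return js_divergence(histogram, ROLE_PROFILES[role])


def calibrate_threshold(role, rng, n_users=100, margin=2.0):
    """Assumed calibration: margin x the largest score produced by simulated
    legitimate peers of the role (they access patients from the role profile)."""
    worst = max(anomaly_score(simulate_accesses(ROLE_PROFILES[role], rng), role)
                for _ in range(n_users))
    return margin * worst


def is_anomalous(histogram, role, threshold):
    return anomaly_score(histogram, role) > threshold


if __name__ == "__main__":
    rng = random.Random(2013)
    for alpha in (0.01, 1.0, 100.0):
        print(f"alpha={alpha:>6}: mean largest topic weight = {mean_max_component(alpha, rng):.2f}")
    role = "obstetrics"
    thr = calibrate_threshold(role, rng)
    users = {
        "legitimate": (ROLE_PROFILES[role], simulate_accesses(ROLE_PROFILES[role], rng)),
        "directed (alpha=0.01)": simulate_rta_user(0.01, rng),
        "purely random (alpha=1)": simulate_rta_user(1.0, rng),
        "indirect (alpha=100)": simulate_rta_user(100.0, rng),
    }
    for label, (theta, hist) in users.items():
        print(f"{label:<26} score={anomaly_score(hist, role):.3f} "
              f"flagged={is_anomalous(hist, role, thr)}")
```

Running the script prints how the largest topic weight shrinks as α grows and then scores one user of each type against the obstetrics profile. One caveat worth keeping in mind: because a directed user's focus topic is drawn at random, a masquerader whose topic coincides with the victim role's own dominant topic produces a small divergence and is not separable by this score, which is exactly why the slides treat the directed case separately from the purely random and indirect ones.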

Results - I

Results - II

Thank You!