Lars Christerson is Information Security Officer at Region Jämtland Härjedalen. He leads a data security and data protection team of five colleagues, including legal resources. The team uses the Logpoint SIEM solution to collect, aggregate, and analyze security data across the infrastructure, including domain controllers, web servers, and other critical parts of the regional network.
The Logpoint SIEM collects, categorizes, and analyzes log data to identify potential cybersecurity incidents and events. Based on predefined rules, it delivers real-time alerts and presents security information to the data security team in on-screen dashboards or in reports provided at regular intervals.
“The Logpoint SIEM allows us to monitor the state of our infrastructure continuously and provides alerts if something out of the ordinary is occurring. In addition, it provides us with the necessary tools to drill down into an incident and to establish whether there is a technical problem, user error, or an actual breach of security,” says Lars Christerson.
The Logpoint SIEM solution also collects log data from the COSMIC medical record system in audit trails for further processing and reporting to responsible healthcare roles. For that purpose, Jämtland Härjedalen uses the Logpoint Applied Analytics module to make audit data about access to patient records available to a broader, non-technical group of local administrators. They can monitor access to patient records, perform targeted searches, evaluate incidents, and use the data to help improve user behavior and develop best practices for the use of medical records. Best practices for predefined rules and dashboards for patient record access have been developed in collaboration with Region Värmland, which is also a Logpoint user.
“Working with a mix of cluster sampling, predefined non-compliance rules, and dashboards showing aggregated outcomes, we get distinct views of the access patterns. The option to drill down in specific cases increases our ability to evaluate violations and anomalies and helps us understand user behavior. This allows us to improve our ways of working and help develop best practices for medical record platforms. In that way, Applied Analytics has helped us evolve from ‘policing’ users in a direction towards a quality improvement mission,” says Lars Christerson.
“Using automated rules for log filtering, we can reduce the number of false positives for potential breaches. Adding a severity level with rules can filter the incidents to identify and prioritize cases where a real violation has been found. That saves precious time.”