13 April 2014 - by Thom Hooker
NHI algorithm adds patient file protection
SMX was involved recently in helping a client in the health sector deal with a data leakage problem. We were able to solve the customer's issue quickly by implementing a new version of an algorithm our development team had been working on for a while. Using this new algorithm, and working in conjunction with the customer's IT team, we were able to plug a potential privacy hole in their infrastructure.
Staff at the customer's site were receiving and sending patient health records via email. While there are policies and conventions in this industry about not sending such confidential data via email, email is such a convenient medium that people are inclined to bend the rules in order to get the data to their colleagues. Security for a lot of people is often an afterthought (if it's even thought about at all).
The IT department at the customer's site was aware of this tendency amongst its staff and, while well intentioned, it led to security concerns which ended up on the IT manager's desk. The IT manager contacted us to see if we could assist with some data loss prevention techniques. After some research and a couple of phone calls the customer agreed that the best way forward to help secure their email flow from sending out confidential data was to implement a SmartRule checking for NHI numbers inside emails and attachments. The National Health Index (NHI) number is a unique seven-character string used to identify individuals within the NZ health system. It consists of a three-letter prefix and a four-number suffix, with the last digit being a check digit for error checking.
Immediately, our team saw the potential for issues with implementing a straight check looking for three characters in a row followed by four numbers. For a start, false positives were possible one out of ten times given the check digit is a single character, so we had to apply more checks than were available in the specification. Our team also looked at reducing the scope of the searches, so we weren't falsely triggering on hidden or meta data (for example).
Once we had tested the new NHI algorithm on some sample emails we were confident the customer would see benefit from this rule straight away. As soon as they were informed that the new SmartRules® algorithm was in place, the customer tested and was able to confirm that we were now stopping all emails containing NHI numbers. The whole deployment process was managed by the customer so they were comfortable with the risk mitigation processes in place in case of any issues.
Despite the extra processing required to decompose attachments converted to MIME for sending via email, scanning them for NHI content and then returning a verdict (as well as potentially BCC'ing any triggering message to an administrative mailbox for later investigation) the customer has seen no impact on the performance of their other mail filtering services. We have since made this NHI algorithm available for all SMX customers with the SmartRules® DLP service, in order to help all our health customers secure their email flow. As with all of SMX's services, we fully report on all actions taken by our servers on behalf of our customers. This includes any actions taken with emails that trigger DLP policies defined in SmartRules®.
All up, from the initial contact from the customer's IT manager to algorithm roll-out and successful testing, the process took less than 48 hours. The customer's site is now secured against sending out confidential patient health records via email and our other SmartRules® customers are getting the benefit of this new feature as well. If you're in the health industry in NZ you should look at whether SMX's NHI detection algorithm can help you secure your DLP email issues.