The number of healthcare breaches in the last few years is staggering, which inspired Texas State University Assistant Professor Alexander McLeod to look into how modeling exposure can determine why these types of breaches continue to proliferate.

While there are “canned answers” from the U.S. Department of Health and Human Services’ Office of Civil Rights’ breach reporting tool -- like a stolen device or email hack -- the modeling exposure tool developed by McLeod and his team dives deeper into the reasons behind the cause.

[Also: New at HIMSS18: Lightning sessions on blockchain, cloud, ransomware and patient experience]

For example, if a device is stolen, was the employee properly trained on that device? Did the employee leave the device in the car? To McLeod, these answers can help the industry dive deeper into actionable ways to improve security.

“Security issues are often labeled as a single cause,” said McLeod. “Sometimes you have canned reasons without cause analysis. We should model what’s happening to look at ways to help this issue without it occurring again. There’s some basic work in modeling, but not a lot that can be learned from previous research.” 

To dig deeper, McLeod began to develop with a model that pulls from multiple resources, like HIMSS Analytics, to model trends in data breaches. The model marries data from a massive data pool, to create a complete picture of all of the breach information together.

McLeod’s team spent a substantial amount of time to match organization names, matching lists, scouring the internet and other elements to “clean up the intersection of databases.”

“That was the biggest part -- because it was so manual,” McLeod explained.

Once completed, McLeod’s team had a combined database to begin analysis, which was then layered against different regulations from NIST, HIPAA, HITECH and governmental frameworks, using a “Swiss cheese-model” to find holes.

Using this method, the research team came up with organizational, technology and business process factors to categorize breach causes.

“When those holes line up, it represents the opportunity for a breach to occur,” McLeod said. “Each hole represents a barrier of things getting through the system.”

The model will be used to determine what’s going on in the industry. McLeod explained that when the holes line up the opportunity for a breach becomes real.

His team created calculations and came up with results that point to the elements they needed to focus on in the future. However, at its current function, the tool is more exploratory than predictive, he explained. 

McLeod’s team is continuing to refine the tool to make it more predictive, but it needs further testing. The group is hoping the get the tool to a place where it can evaluate organizations based on a certain set of factors.

For example, if an organization has a set number of factors, the probability increase for a breach, McLeod said.

His team is also taking it to the HIMSS community, and plans to “partner and engage the community to improve our model and try and collectively come up with a better explanation of why these breaches occur.”

Alexander McLeod and Texas State University Assistant Professor Diane Dolezel will discuss modeling factors associated with healthcare data breaches at HIMSS18 at 1 p.m. March 7 in Marcello 4401 of the Venetian Convention Center in Las Vegas.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com