Student Project Proposal


SRM VALLIAMMAI ENGINEERING COLLEGE

(An Autonomous Institution)


SRM Nagar, Kattankulathur – 603 203

STUDENT PROJECT PROPOSAL

1. Name of the Student(s) : Chendur Sutharsan A C M, Dineshbabu S, K A Ganesh
One valid e-mail id : [email protected]
2. Name of the Guide : Mr. E Rajkumar
Department / Designation : Cyber Security / Assistant Professor (O.G)
Institutional Address : SRM Valliammai Engineering College, SRM Nagar, Kattankulathur, Chengalpattu – 603 203
Mobile No / Phone No : +91 9626804656
3. Project Title : Securing ePHI in Healthcare by deploying HIDS and EDR Technologies for HIPAA Compliance
4. Sector in which your Project Proposal is to be considered : Engineering & Technology
5. Project Details :

1. Introduction :
Recently, healthcare organizations have been evolving much faster than other
sectors. These organizations handle assets known as electronic Protected Health Information
(ePHI), which includes data such as medical records and sensitive information about the patients
treated within these healthcare organizations. This data is highly confidential and can only be
accessed by authorized persons through Role-Based Access Control (RBAC). The protection
of ePHI data is mandatory and paramount. Regulations like the Health Insurance Portability and
Accountability Act (HIPAA) ensure data protection and access controls to secure the ePHI.
Compliance with the HIPAA regulation is essential not only for legal adherence but also for
maintaining patient trust and securing sensitive data. To address these challenges, the proposed
idea focuses on the deployment of advanced cyber security technologies, such as Host Intrusion
Detection Systems (HIDS) and Endpoint Detection and Response (EDR) solutions, integrated
with Security Operation Centres (SOC), network tools and Threat Detection & Intelligence tools.
This approach aims to enhance ePHI security in healthcare organizations. HIDS plays a crucial
role in monitoring and analyzing the activities on individual hosts or devices, providing a vital
layer of defence against unauthorized access and potential threats. EDR technology, on the other
hand, offers comprehensive visibility into endpoint activities, facilitating proactive threat
detection, rapid response, and continuous monitoring. When these technologies are combined
with SOC operations, they centralize the management of security events and incident responses.
This integrated approach creates a robust framework for the protection of ePHI. By leveraging these
tools, healthcare organizations can enhance threat intelligence, streamline incident management,
and ensure continuous compliance with HIPAA regulations. The idea aims to explore the
integration of HIDS and EDR with SOC operations, assessing their collective impact on ePHI
security.
2. Objectives :
• To implement robust cyber security measures to ensure adherence to HIPAA regulations and
protect electronic Protected Health Information (ePHI).
• To integrate Host-Based Intrusion Detection Systems (HIDS) and Endpoint Detection and
Response (EDR) to enhance monitoring and threat detection.
• To establish a Security Operations Center (SOC) to oversee continuous security monitoring,
threat detection, and incident response.
• To conduct risk assessments, including specialized risk assessments tailored to the
healthcare sector, to identify and address vulnerabilities related to ePHI.
• To apply necessary HIPAA-mandated administrative and technical safeguards to strengthen
data protection and reduce the risk of data breaches.

3. Methodology :
The methodology of the proposed system briefly explains the key aspects, which include the
techniques of security mechanisms such as administrative security and technical security. The
classification of the proposed system is discussed below.

Host-Based Monitoring and Alerting : Deploy a Host-Based Intrusion Detection System
(HIDS) to monitor file integrity on systems handling ePHI with access control. Configure the
HIDS to detect unauthorized changes and set up alerts for anomalies. Regularly review HIDS logs
to identify and address potential security threats, ensuring data integrity and facilitating quick
breach detection.
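The file integrity check described above works by comparing a trusted baseline with a later scan. The following is an added example, not code from the proposal or from Wazuh; the directory contents, file names and the `snapshot`, `compare`, `write` and `demo` helpers are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root to (SHA-256 digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (digest, os.stat(path).st_mode & 0o7777)
    return state


def compare(baseline, current):
    """Return sorted (event, path) pairs that should raise an alert."""
    events = [("deleted", p) for p in baseline.keys() - current.keys()]
    events += [("added", p) for p in current.keys() - baseline.keys()]
    for path in baseline.keys() & current.keys():
        (old_hash, old_mode), (new_hash, new_mode) = baseline[path], current[path]
        if old_hash != new_hash:
            events.append(("modified", path))
        elif old_mode != new_mode:
            events.append(("permissions", path))
    return sorted(events)


def write(root, name, body, mode=0o600):
    path = os.path.join(root, name)
    with open(path, "wb") as fh:
        fh.write(body)
    os.chmod(path, mode)  # explicit mode so the baseline does not depend on umask


def demo():
    """Baseline a constructed ePHI directory, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "patient_001.txt", b"diagnosis: A")
        write(root, "patient_002.txt", b"diagnosis: B")
        write(root, "access.log", b"")
        baseline = snapshot(root)
        write(root, "patient_001.txt", b"diagnosis: C")    # content changed
        os.remove(os.path.join(root, "patient_002.txt"))    # record deleted
        write(root, "export.csv", b"id,diagnosis\n")        # unexpected new file
        os.chmod(os.path.join(root, "access.log"), 0o644)   # permissions loosened
        return compare(baseline, snapshot(root))
```

The baseline itself has to be stored where the monitored host cannot rewrite it, otherwise an intruder who changes a file can also change the record it is checked against.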

Endpoint Security and Incident Response : Implement Wazuh’s Endpoint Detection and
Response (EDR) to monitor healthcare endpoints. Set up continuous activity tracking and
automated response protocols to isolate compromised endpoints and address threats. Regularly
review security data and logs to improve detection and response capabilities, ensuring robust
protection for ePHI and swift incident handling.

Security Event Aggregation and Monitoring : Set up a SIEM system to consolidate logs from
HIDS and EDR. Use Logstash for data collection, Elasticsearch for indexing, and Kibana for real-
time dashboards. Configure automated alerts for potential security incidents and analyze the data
to identify trends and improve overall security.

Compliance Assurance and Reporting : Integrate HIPAA compliance into Wazuh by setting up
specific rules for ePHI security in accordance with the Privacy Rule, Security Rule, and Breach
Notification Rule. Automate the generation of compliance reports and regularly audit these
reports to ensure continuous adherence to HIPAA standards. Address any deviations promptly to
maintain compliance and safeguard ePHI.
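One way to automate the compliance report described above, as an added example that is not part of the proposal or of Wazuh's own code: it groups alerts by HIPAA control, assuming alerts arrive as one JSON object per line with the compliance tags under `rule.hipaa`. The rule ids, agent names and alerts are constructed.

```python
import json

# Constructed sample alerts, one JSON object per line (not real data).
# Tags map to Security Rule sections: 164.312(b) audit controls,
# 164.312(c)(1) integrity, 164.312(d) person or entity authentication.
SAMPLE_ALERTS = """\
{"agent":{"name":"ehr-db-01"},"rule":{"id":"100101","level":7,"description":"ePHI file modified","hipaa":["164.312.c.1"]}}
{"agent":{"name":"ward-pc-07"},"rule":{"id":"100102","level":10,"description":"Repeated login failures","hipaa":["164.312.b","164.312.d"]}}
{"agent":{"name":"ehr-db-01"},"rule":{"id":"100104","level":12,"description":"Audit log cleared","hipaa":["164.312.b"]}}
{"agent":{"name":"ward-pc-07"},"rule":{"id":"100103","level":3,"description":"Service restarted"}}
truncated-line {
"""


def hipaa_report(text):
    """Group alerts by HIPAA control; return (report, untagged, malformed)."""
    report, untagged, malformed = {}, 0, 0
    for line in text.splitlines():
        try:
            alert = json.loads(line)
            rule = alert["rule"]
            level = int(rule["level"])
            controls = rule.get("hipaa", [])
        except (ValueError, KeyError, TypeError, AttributeError):
            malformed += 1  # count bad lines instead of silently dropping them
            continue
        if not controls:
            untagged += 1   # no HIPAA tag: review for gaps in rule coverage
        agent = alert.get("agent", {}).get("name", "unknown")
        for control in controls:
            entry = report.setdefault(
                control, {"alerts": 0, "max_level": 0, "agents": set()})
            entry["alerts"] += 1
            entry["max_level"] = max(entry["max_level"], level)
            entry["agents"].add(agent)
    return report, untagged, malformed
```

Reporting the untagged and malformed counts alongside the per-control totals lets an auditor see how much of the alert stream the report does not cover.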

Advanced Threat Detection and Analytics : Integrate machine learning into Wazuh to detect
sophisticated threats and unusual patterns. Use these models to identify insider threats and
emerging risks, continuously analyze system behavior, and improve security by adapting to
evolving threats.
4. Work Plan :

S.No  Timeline                      Process
1     Jul 15ᵗʰ - 24ᵗʰ, 2024         Literature survey
2     Jul 25ᵗʰ - 31ˢᵗ, 2024         Wazuh Deployment and Integration
3     Aug 1ˢᵗ - 13ᵗʰ, 2024          Host-Based Intrusion Detection System (HIDS) Implementation
4     Aug 14ᵗʰ - Sept 10ᵗʰ, 2024    Endpoint Detection and Response (EDR) Implementation
5     Sept 11ᵗʰ - Oct 9ᵗʰ, 2024     Security Information and Event Management (SIEM) Setup
6     Oct 10ᵗʰ - Oct 31ˢᵗ, 2024     HIPAA Compliance Monitoring and Reporting
7     Nov 1ˢᵗ - Dec 10ᵗʰ, 2024      Advanced Analytics and Machine Learning Integration

5. Budget :

S.No  Hardware and Software                             Expenditure
1     Wazuh Cloud SIEM Integration Cost (Basic Tier)    2,000
2     Self-Hosted Servers Cost                          3,500
3     Data Storage and Operational Backup Cost          1,000
4     Incidental and Security Enhancement Cost          1,500
      Total Budget                                      8,000
