Mar 07, 2023 - The Hacker News
Investing in digital identity can improve
security, increase clinical productivity, and boost healthcare’s
bottom line. — by Gus Malezis, CEO of
Imprivata
Digitalization has created immeasurable opportunities for
businesses over the past two decades. But the growth of hybrid work
and expansion of Internet of Things (IoT) has outpaced traditional
‘castle and moat’ cybersecurity, introducing unprecedented
vulnerabilities, especially in the healthcare industry. Although
all organizations have important data to secure, healthcare holds
some of the public’s most sensitive personal health information
(PHI) – not to mention insurance and financial data, as well.
We all expect this information to be secured and protected,
especially with HIPAA laws in place. However, due to increasing IT
fragmentation and the growing sophistication of cyberattacks, this
is no longer guaranteed. In fact, the number of individuals
affected by health data breaches in the U.S. since 2009 is greater
than the U.S. population of just over 330 million, according to
HIPAA[1]. It’s clear that legacy
methods to protect PHI aren’t up to par. Today’s healthcare
organizations need to prioritize a strategy focused on securing the
user (the digital identity) and their credentials, not the
environment.
The benefits of digital identity for your bottom line
We all understand the concept of insurance in our personal lives
and pay those premiums to ensure coverage if tragedy strikes. We
don’t view insurance as the sole layer of protection, and indeed
we consider prerequisites such as good knowledge, training,
preparation and accreditation (where applicable) as basic
investments. Insurance offers the final layer of protection. The
same must hold true for the organizations responsible for
protecting PHI and other sensitive data. That’s where cyber
insurance becomes essential; however, without a sound digital
identity strategy in place, qualifying is unlikely (if not
impossible).
Many underwriters require organizations to go through an
in-depth vetting process to ensure they have robust solutions to
control and monitor the access of users across their systems. This
means less risk for the organization, and less risk for the underwriters. It
also means less expensive premiums, which skyrocketed by 26.8% in 2022.[2]
Digital identity is the key to meeting these requirements.
Implementing a holistic strategy can effectively reduce the cost of
the premium and the long-term risk of a cyberattack or breach –
putting more savings towards your bottom line and patient care.
Investing in digital identity is an investment in healthcare
systems and patients.
Establishing a digital identity strategy is an investment, but
it’s one that is prudent, practical, and necessary for
future-proofing your infrastructure. It provides a myriad of
security, compliance, and privacy benefits that clinicians,
security teams, and patients experience every day. From a clinical
perspective, digital identity makes accessing technology completely
transparent – invisible even. Tools like no-click access single
sign-on can streamline logins and authentication processes to all
applications, systems, and data, whether on-prem or in the cloud,
to give back more time for patient care and reduce time spent with
technology. IT teams also experience workflow improvements with
digital identity, as it secures credentials and improves the
compliance and security posture. And from a patient perspective,
digital identity means better protection of PHI, and more
meaningful time spent focused on care.
With that in mind, implementing a comprehensive strategy can be
daunting for those with fragmented IT environments and countless
users and roles that change daily. To get started, healthcare
organizations should:
- Assess and consolidate their tech stack. Healthcare
organizations are often running thousands of applications. This
excess not only increases the attack surface, but also the risks
associated with more third-party vendors accessing your systems –
especially considering that only 34% of organizations[3]
assess their vendors for basic security requirements. Rationalizing
applications will provide better visibility over the environment,
improve operability, and reduce unnecessary costs and
exposure.
- Automate user account provisioning and de-provisioning.
Healthcare workers need access to clinical applications from the
moment they are onboarded, but manual provisioning is slow and
error-prone. Likewise, as roles change or staff leave the
organization, healthcare systems need to be vigilant about
off-boarding users, too. Stolen credentials[4]
were a leading vector for breaches in 2022. By automating the
provisioning and de-provisioning processes, organizations can
disable access instantly to eliminate the risk of compromised
credentials from an inactive account.
- Implement multifactor authentication (MFA). MFA is
becoming more widely adopted for businesses and consumers alike.
But with two or more verification factors required for clinicians
to prescribe medication or access the electronic health record,
it’s essential for this process to be efficient and secure. With
digital identity, health systems can verify access without
impacting clinical workflows through biometric or badge tap
authentication. This added layer of efficient security can prevent
a bad actor from laterally moving across a network, while improving
time to access for clinicians and directing time back to patient
care.
- Give users a password-less experience. Passwords have a
tricky habit of protecting AND making organizations vulnerable. If
they’re easy to remember, they’re easier to hack. But if they’re
too complex, most people will find workarounds, like writing them on
post-its or sharing credentials with other users. Single sign-on
(SSO) solutions can eliminate password fatigue and simplify access
by replacing logins with no-click authentication, while enforcing
complex passwords that users rarely need to enter.
- Practice the principle of least privilege. Although most
organizations rely on third-party vendors, 50%[5]
have experienced a third-party data breach, primarily as a result
of giving too much privileged access. With privileged access
management, a user is only granted access to perform a specific
task, and nothing more. This improves security and safeguards
access to the organization’s most sensitive information.
As healthcare organizations adapt to a new normal of IT
security, it’s essential to implement a digital identity strategy.
With insurance requirements becoming more costly and stringent, and
cyberattacks more threatening, digital identity[6]
is the key to future-proofing healthcare digitalization. It ticks
the box for several cyber insurance and federal compliance
requirements, in addition to following zero trust principles.
Between strained budgets and escalating cyber risks, digital
identity can reduce risk while improving compliance, streamlining
user access, and bolstering security.
Given the frequency and severity of today’s cyberattacks, the
next one is a matter of when, not if. It’s time for healthcare to
save more by proactively investing in digital identity.
Note: This article is written by Gus Malezis, CEO of
Imprivata, a digital identity company that helps mission- and
life-critical industries solve complex workflow, security, and
compliance challenges. Their platform offers identity,
authentication, and access management solutions for managing and
securing enterprise and third-party digital identities, operating
in over 45 countries.
References
- [1] HIPAA (www.hipaajournal.com)
- [2] by 26.8% in 2022. (www.ciab.com)
- [3] 34% of organizations (security.imprivata.com)
- [4] Stolen credentials (www.verizon.com)
- [5] 50% (security.imprivata.com)
- [6] digital identity (www.imprivata.com)
Read more https://thehackernews.com/2023/03/why-healthcare-cant-afford-to-ignore.html