The challenges of properly managing and securing privileged access across heterogeneous environments such as health care can be difficult, but they’re not impossible to overcome with the modern solutions and approaches available today.
- In particular, the healthcare sector has been ahead of the curve and has made drastic improvements in its digital transformation activities over the past decade by transitioning from paper-based to digital systems.
- Digital health technology was also applied to meet the most urgent needs, including in the immediate outbreak response and later in impact reduction, when navigating the COVID-19 pandemic.
- For example, by performing routine patient visits remotely, healthcare providers were able to exploit telehealth to perform triage or offload hospital staff.
The Growing Security Threat to Health Care
Although it can be difficult to incorporate something with an outdated approach, the issues are particularly poignant and important when it comes to security.
Misuse (incidents involving unapproved or malicious use of organisational resources) is a common root cause of security incidents in health care, according to the ‘2020 Verizon Safe Health Information Breach Report.’ The threat actor is misusing privileged credentials in 66% of incidents to gain unauthorised access to data.
Attacks are as common as ever, with recent attacks such as the breach of Magellan Health that affected more than 365,000 patients or the credential hacking of 274,000 patients affected by the Profit Recovery Specialists. Moreover, just last month, an analysis of the 2019 data breach by LifeLabs confirmed that the research company gathered more than required personal health information and did not have appropriate security tools and processes in place.
So where do we start trying to thwart these attacks and preserve the enforcement that is necessary?
A good place to start is to look at how attackers try to access data from healthcare and then combat those methods and techniques. It only requires one tainted certificate, for instance, to result in millions of penalties and fines from HIPAA. If 80 percent of data breaches, such as Forrester Research reports, are related to compromised credentials, it is necessary to identify and target that field and do everything possible to avoid this. Read from source