Healthcare Industry: Time to reinforce privileged access control
Oct 24, 2018 | Healthcare, Authentication
IT security awareness has become a pressing need for the CIOs, CISOs and CTOs of global enterprises. After the BFSI, government, manufacturing, IT and pharmaceutical industries, the healthcare industry is now facing the wrath of cyber criminals. Of late, the healthcare sector has become a lucrative target for those who use compromised privileged accounts to steal sensitive information. Here is telltale evidence of what this industry has faced over the last six months.
| Date | Organization | Incident |
|---|---|---|
| September 2018 | Blue Cross, Philadelphia, USA | An employee uploaded a file containing member information to a public website, exposing the data of more than 16,000 people |
| August 2018 | Augusta University, Georgia, Eurasia | The patient records of the Augusta University healthcare center were breached |
| July 2018 | SingHealth, Singapore | Singapore's government health records of 1.5 million people, including those of PM Mr. Lee Hsien Loong, were breached through a front-end workstation's privileged credentials |
| July 2018 | LabCorp, Carolina, USA | The largest clinical laboratory company in the US was forced to shut down its entire network after suspicious activity was found |
| June 2018 | Med Associates, Albany, USA | Healthcare billing vendor claims 2,70,000 patients' records were compromised through access to one employee account |
| June 2018 | Holland Eye Surgery & Laser Center, Michigan, USA | Eye hospital suffered data theft affecting more than 42,000 patients |
| May 2018 | LifeBridge Health, Baltimore, USA | This hospital exposed the private information of about 5,00,000 patients due to a breach of the patient registration and billing server |
| May 2018 | MedEvolve, Arkansas, USA | Practice management software vendor exposed 2,05,000 patients' records by allowing anonymous login without authentication |
(Information credit: HealthcareItNews)
Most of these security breaches happened because the user monitoring, authentication and access control mechanisms for privileged accounts were weak. Malicious insiders typically target privileged accounts to get hold of highly confidential information. In fact, the latest reports show that almost 60% of data breaches in the healthcare industry are due to malicious insiders. That is an alarming rise of more than 6% (the figure might change after the last quarter of 2018) compared to 2017. Most of the lost or stolen records were not recovered, and the organizations suffered huge financial and reputational loss. Across more than 470 breach incidents (healthcare industry only) in 2017, almost 5.6 million patients' records suffered privacy loss. Hence, it is imperative that organizations adopt stringent IT security policies for robust access control and access management. However, the above incidents show that loopholes remain in how patients' records are kept safe, and compromised actors (insiders / third-party elements) have made the most of them.
As an obvious and important preventive measure, organizations must keep mandatory and continuous vigilance over the employees accessing critical accounts. A robust Privileged Access Management (PAM) solution can help organizations mitigate data breach worries. Medical records are highly confidential: they hold not only patients' personal details but also the details of the kin who are attending them. Thus, a single compromise could result in dire consequences.
How Privileged Access Management (PAM) can help protect the healthcare industry's critical information:
- Access to target systems is allowed on a "need-to-know" and "need-to-do" basis
- PAM builds the foundation of a robust security framework by giving granular control over privileged account users
- It gives real-time information on who is accessing what, when and where
- It helps to comply with security standards such as HIPAA, GDPR, PCI DSS, ISO 27001 and other regulations
- Privileged credentials are safeguarded and frequently changed through robust password vaulting
- It enforces the principle of least privilege for accounts
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.