More than a week ago, the Singapore National Public Health Authority revealed that almost 14,000 health records of people from Singapore and foreign nationals were compromised and leaked online.
“I’m sorry that one of our former staff who was authorized to have access to confidential information in our HIV registry appears to not have complied with our security guidelines,” Health Minister Gan Kim Yong said on Singapore’s ‘Today Online’ news website.
While this breach is expected to have a long-lasting effect, security officials are bewildered about how to repair the reputational damage. Numerous incidents in the past few years have shown the world again and again that malicious insiders are the biggest threat to critical information. Even a Gartner report shows that insider threats shot up to more than 50% in 2018 compared to 2017.
Information security will need to be at the center stage of the overall governance and compliance framework. Indeed, with business operations getting increasingly digitized, the attack surface has widened. Information assets are vulnerable as cyber criminals are becoming canny.
Health departments in particular face enormous challenges. These organizations store and process medical records of tens of thousands of patients. Typically, they manage data with Managed Service Providers or in a shared IT environment. Hence, humans, not computers, are the weakest link in the security architecture. Data breaches, insider threats, identity theft, and web application attacks are constant risks, as an increasing number of endpoints give cyber criminals and malicious insiders potential ways to gain unauthorized access to IT systems.
Privileged accounts, the gateway to confidential information, are among the most vulnerable digital assets. Compromised insiders or third parties typically target privileged credentials to steal data. Therefore, authorization, validation, and monitoring of privileges are absolutely vital for ensuring robust data security.
And that’s why Privileged Access Management has become the core of IT security. Privileged Access Management ensures:
- A centralized policy framework to administer and control a user’s access to health information
- Access to critical information is made only after multifactor authentication
- End users are segregated based on job functions and responsibilities and access is restricted and fine-grained
- Secure third-party access to health information
- Robust access control if the health information is stored on cloud or maintained by Managed Service Providers (MSP)
- Privileged credentials are automatically randomized and securely vaulted
- Audit trails are maintained
The bottom line: In the ever-changing threat landscape, health-care organizations will need to be proactive rather than reactive to mitigate data breach threats. Most data breach incidents stem from weak access control. Essentially, Privileged Access Management builds the foundation for robust identity and access control management while helping organizations comply with industry regulations such as the EU GDPR and HIPAA.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.