How Hospitals Can Harness Identity Access Management to Mitigate Cyberattacks

Ferdinand Hamada, Managing Director, Healthcare, Pharma & Life Sciences

On Thanksgiving Day, Ardent Health Services was hit by a ransomware attack that disrupted ambulance routes for hospitals in New Jersey, New Mexico, Oklahoma, and Texas and forced them into diversion mode, unable to accept new patients or perform some surgeries. This is just the latest alarming example of rising attacks on healthcare organizations, making it more critical than ever to maintain visibility over who and what is connected to hospital networks.

With these increased risks — coupled with an uptick in mergers and acquisitions (M&A) plus the ongoing issue of attrition in the industry with 60% of all healthcare support workers expected to leave their jobs within five years — ensuring that identities are managed appropriately is critical to mitigate these risks.

To improve security during these times of flux, hospitals should proactively develop a centralized identity access management (IAM) system to combat increased vulnerability to attacks. IAM systems help identify potential access and permissions risks, which makes them an essential part of hospital cybersecurity programs. By detecting access disruptions in advance and implementing solutions to manage them, hospitals can reduce their impact on patient safety, revenue, reputational loss, and operations.

To create a robust and sustainable IAM program, here are three areas that hospital IT and security teams should focus on:

Limit access to reduce risk

In many hospitals, staff have access to more systems than they need to perform their core duties. To keep information safe, access to data and other valuable assets should be limited and permissions requests should be accurately validated. There are several ways to reduce access across hospital systems, but no one approach stands alone. Determining the best combination of strategies will depend on how an organization currently accesses data and its larger security objectives.

• Web single sign-on. Multiple parts of an organization’s internal and external web presence require user authentication and authorization to properly secure sensitive data. Web single sign-on frameworks simplify this process by maintaining a user’s authenticated state throughout their entire web session.
• Adaptive access. Different information and resources carry different levels of risk. Adaptive access enables an organization to easily require more robust authentication for riskier assets while easing accessibility for low-risk resources.
• Reverse proxy. A reverse proxy sits behind the company firewall and forwards web requests to a server for response. This simplifies the user experience and reduces the amount of information about an organization’s internal network structure that is shared with third parties.
• Federation login. Contractors and partners require limited systems access, but creating accounts within an organization’s identity management system is time-consuming and adds complexity. Federation enables secure identity sharing across organizations by simplifying authentication and access management for partner organizations.

Implementing new or updated access procedures should also work with existing internal or external frameworks, policies, and technologies. This enables a seamless transition to a new IAM model, promoting appropriate access to data and resources across an entire organization.

Develop onboarding and offboarding checklists to manage employee permissions

While security programs are often focused on mitigating external threats, employees can pose the same or greater security risk to hospitals and patients, whether purposefully or accidentally.

Human security risks come in a variety of different forms:

• Social engineering and phishing. Social engineering attacks aim to gain physical access to a secure area or system using human interaction. These attacks often occur using convincing messages for phishing. Phishing can happen via email, telephone (voice phishing or vishing), text message (SMS phishing or smishing), and even on social media.
• Insider threats. Insider threats are caused by employees, contractors, and vendors who have access to the hospital’s systems, and they can occur unintentionally, intentionally, or collusively.
• Negligent behavior. Employees can also inadvertently place data and security at risk by doing things like insecurely using applications and devices or sharing passwords.

These types of human-based threats can also increase during transitional periods, so it’s important to have IAM plans and processes in place to minimize their risks. Developing checklists to control access during onboarding and offboarding processes can help ensure smooth changeovers. Additionally, employee security training should include how to manage security risks within your specific organization in addition to traditional threats like phishing and reporting lost devices.

Implementing a centralized dashboard for IT teams that provides real-time monitoring, remote access and automated alerts

User rights and privileges, or simply who in an organization has access to what data and systems, need to be readily visible to an IT team. Using IAM platforms and tools provides a scalable and automated foundation for compliance controls, access requests, password management, and identity-enabled visibility.

Implementing a centralized IAM system enables an organization to achieve full visibility and control over its information. These solutions can also help reduce manual workload and save a security team’s time. For example, automating standard procedures and threat alerts can give IT teams more time to focus on real-time monitoring and intercepting potential remote access threats.

As the healthcare industry continues to face increased cybersecurity threats, hospitals will operate more safely by better-protecting data across their organization. Securing employee and device access and implementing a centralized management system to monitor sensitive information should be a key pillar of any hospital business plan. Ultimately, the robust protection of IAM programs mitigates risk and protects sensitive patient information, systems, reputations, and revenue.

… Read the full article here: Readers Write: How Hospitals Can Harness Identity Access Management to Mitigate Cyberattacks – HIStalk (histalk2.com)