Healthcare and healthy networks go hand in hand, especially now that cyberattacks are getting more sophisticated by the minute.
One of the important steps in sealing off the security gaps in your network is to protect and manage your organization's "keys to the kingdom": your privileged accounts. These accounts might belong to the hospital dean or your CISO, or even a lab technician who handles thousands of patients' data every day. Compromise of even a single privileged account could lead to irreversible damage.
A study by Calyptix shows that hacking ranks among the top five causes of data breaches in the healthcare industry. A hacker's favorite way to get instant access to a large number of systems is by stealing credentials of privileged accounts. Unsurprisingly, more than 70 percent of hacking incidents are a result of stolen authentication credentials.
Verizon's 2018 Data Breach Investigations Report also reveals that 63 percent of security incidents within the healthcare industry in 2017 were attributed to compromise of unprotected privileged accounts. At least 79 percent of that compromised data contained critical medical information, with the rest being personal and payment data.
There's ample evidence that privileged accounts are the weakest link in most organizations' data security chain. So, what are you going to do to protect your privileged accounts?
Privileged access management (PAM), to put it simply, is a way of managing privileged accounts and controlling access to critical information systems throughout your organization. PAM employs a number of strategies that are designed to close off vulnerable blind spots in your network that an attacker might exploit to gain entry to your critical systems.
Implementing some of the highly recommended PAM practices listed below will give your organization a strong foothold in the fight against cybersecurity threats.
Elevated privileges are a major threat for sectors like healthcare where a huge amount of critical data is accessed on a daily basis and often in a time-sensitive manner. Privileged accounts belonging to administrative staff, management personnel, etc. enjoy fairly unrestricted access to valuable data that's not necessarily relevant to their work, leaving that data vulnerable to misuse.
The Protected Health Information Data Breach Report by Verizon provides exclusive insight into this facet of the industry. It reports that healthcare is the only industry in which internal actors are the biggest threat to an organization's data security; a whopping 58 percent of security incidents in 2016 and 2017 involved insiders.
You can combat elevated privileges by introducing well-defined user roles that are relevant to each employee's job description, and placing stringent restrictions on users' access privileges. This will ensure employees do not access data that's outside the scope of their jobs.
While adopting a strong password policy is the first step in tightening your organization's security, strong passwords alone don't stop cyberattacks. Hackers are way more persistent, often using brute-force attacks and social engineering to gain access to privileged information.
More importantly, the strength and uniqueness of passwords mean nothing if they're still saved on sticky notes or in plain text files. The best approach is to use a password manager that encrypts your passwords using algorithms such as AES-256 and stores your credentials in a secure vault.
A major part of password security lies in changing your passwords frequently. Accounts that run on reused passwords for extended periods of time are as good as left unlocked. Password management tools can help generate unique passwords and enforce regular password rotation, taking some of the burden off IT admins' shoulders.
Simplifying password management can also discourage password sharing amongst colleagues who may have different levels of privileged access.
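The rotation and reuse checks described above can be sketched as follows. This is an added example, not code from the original article or from any particular password manager; the 90-day interval, the history depth, the account names and the sample inventory are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)        # assumed rotation interval
HISTORY_DEPTH = 5                   # assumed number of old passwords remembered
ITERATIONS = 200_000                # assumed PBKDF2 work factor
AUDIT_DATE = datetime(2018, 6, 1)   # constructed "today" for the sample data


def hash_password(password, salt=None):
    # Every stored entry gets its own random salt.
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def is_reused(candidate, history):
    return any(  # re-hash the candidate with each old salt, compare in constant time
        hmac.compare_digest(hash_password(candidate, salt)[1], digest)
        for salt, digest in history
    )


def generate_password(length=24):
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def rotate(account, new_password, now):
    if is_reused(new_password, account["history"]):
        raise ValueError(f"{account['name']}: password was used before")
    account["history"] = ([hash_password(new_password)] + account["history"])[:HISTORY_DEPTH]
    account["last_rotated"] = now


def overdue(accounts, now):
    return [a["name"] for a in accounts if now - a["last_rotated"] > MAX_AGE]


def sample_accounts():
    # Constructed inventory of privileged accounts, not real data.
    return [
        {"name": "ehr_admin", "last_rotated": datetime(2018, 1, 1),
         "history": [hash_password("Winter2018!")]},
        {"name": "lab_svc", "last_rotated": datetime(2018, 5, 20),
         "history": [hash_password(generate_password())]},
    ]
```

Running `overdue(sample_accounts(), AUDIT_DATE)` lists the accounts whose password has outlived the interval, and `rotate` refuses any candidate that matches an entry in the account's history.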
Multi-factor authentication (MFA) is an effective security strategy that combines two or more different authentication factors to create a layered barrier for your privileged accounts. In addition to their regular passwords, MFA requires users to provide another credential to prove their identities. While this is often a one-time password sent to the user's mobile number or email address, there are certain MFA methods that use biometric information as well. Tedious as it may be, MFA does have its advantages in protecting privileged accounts.
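The server side of the one-time-password step described above, as an added example that is not part of the original article: the code is random, expires, can be used once and tolerates only a few wrong guesses. The class and function names, the 5-minute lifetime and the 3-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class OtpChallenges:
    """Pending one-time codes, kept in memory for the example."""

    def __init__(self, ttl_seconds=300, max_attempts=3):
        self.ttl = ttl_seconds            # assumed lifetime of a code
        self.max_attempts = max_attempts  # assumed guess limit per code
        self._key = secrets.token_bytes(32)
        self._pending = {}                # user -> [mac, expires_at, attempts_left]

    def _mac(self, code):
        # Store a keyed MAC, never the code itself.
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [self._mac(code), now + self.ttl, self.max_attempts]
        return code  # hand this to the SMS or e-mail channel, not to the browser

    def verify(self, user, code, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        mac, expires_at, attempts_left = entry
        if now > expires_at or attempts_left <= 0:
            del self._pending[user]       # expired or guess budget spent
            return False
        if hmac.compare_digest(mac, self._mac(code)):
            del self._pending[user]       # single use: a replayed code fails
            return True
        entry[2] -= 1
        return False


def privileged_login(password_ok, otp, user, code, now=None):
    # Both factors must pass; the OTP is not even checked after a bad password.
    return bool(password_ok) and otp.verify(user, code, now)
```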
Make monitoring user activity and maintaining audit trails integral parts of your PAM routine. To cite a recent example, a large-scale data breach at the SingHealth hospital in Singapore went unnoticed for 10 days; by the time the hospital authorities detected suspicious activity, several million patients' data had already been exfiltrated from the hospital's database. This goes to show how valuable a monitoring system can be.
Should an attacker break through your defenses and access your systems, having session recordings saved at a secure location would ensure that any suspicious activity gets captured and the intruder is caught before it's too late.
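One way to turn an audit trail into an alert, as an added example that is not part of the original article: flag any account that reads an unusually large number of distinct patient records within a short window. The log format, account names, 10-minute window and threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-trail lines (timestamp, account, action, resource); not real data.
SAMPLE_LOG = "\n".join(
    [
        "2018-07-01T09:00:00 lab_tech_01 READ patient/1001",
        "2018-07-01T09:20:00 lab_tech_01 READ patient/1002",
        "2018-07-01T09:45:00 lab_tech_01 READ patient/1001",
    ]
    # One privileged account reads eight different records in eight minutes at night.
    + [f"2018-07-01T02:0{i}:00 db_admin READ patient/{2000 + i}" for i in range(8)]
)


def parse(line):
    ts, account, action, resource = line.split()
    return datetime.fromisoformat(ts), account, action, resource


def bulk_read_alerts(log_text, window=timedelta(minutes=10), threshold=5):
    """Return (account, window_start, distinct_count) for every account that reads
    more than `threshold` distinct patient records inside one sliding `window`."""
    reads = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, action, resource = parse(line)
        if action == "READ" and resource.startswith("patient/"):
            reads[account].append((ts, resource))

    alerts = []
    for account, events in reads.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {resource for _, resource in events[start:end + 1]}
            if len(distinct) > threshold:
                alerts.append((account, events[start][0], len(distinct)))
                break  # one alert per account is enough to open an investigation
    return alerts


if __name__ == "__main__":
    for account, since, count in bulk_read_alerts(SAMPLE_LOG):
        print(f"ALERT {account}: {count} distinct patient records since {since}")
```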
With cyberattacks getting more inventive and dangerous by the minute, it's time for IT managers to get smarter about protecting their organization's critical information. Implementing these tried and tested PAM practices will help you mitigate data breaches to a large extent.