Ransomware can not only affect the company attacked, it can compromise the health and safety of patients and practitioners
Protecting the personal identifying information (PII) of patients needs to be at the forefront of any healthcare cybersecurity strategy. The healthcare industry in particular has regulatory obligations that have severe consequences if violated. HIPAA, PCI-DDD, Employee Privacy and SOX all impact the environment under which PII is accessed. Ransomware can not only affect the company attacked, it can compromise the health and safety of patients and practitioners.
The healthcare industry is subject to strict privacy-protection obligations. Weak controls over access to data can lead to unauthorized sharing of patient data at best and to disruption to healthcare delivery at worst. At a larger scale, the hospitals and other healthcare delivery institutions can be shut down by malware or ransomware, which can potentially lead to injury or death of patients. The safety, legal and financial impact of unauthorized access could not be higher.
Healthcare is an area that's been particularly impacted by ransomware, putting sensitive patient data (worth thousands of dollars, compared to $10-20 per record for consumer data) at risk without the proper perimeters in place.
Healthcare cybersecurity under the microscope
of breaches were perpetrated by external actors
of breaches were carried out by internal actors
of breaches were financially motivated
from 2019 to 2021
An Essential Tool
Privileged Access Management can protect critical systems
While the consequences of access control failures are large, the barriers to effective security are also considerable. Porous or non-existent physical security means that malicious actors can reach computers, network ports, and Wi-Fi in clinical settings. Shared workstations and doctors and nurses working under pressure may lead to weak authentication and a high likelihood of shared credentials where one user accesses data in the security context of another.
An emphasis on convenient and efficient access can often sacrifice security. Critical, operational systems like real-time patient monitoring equipment and imaging systems are also unlikely to receive software patches and may be vulnerable to serious abuse.
As the healthcare industry works to secure access to critical systems and combat these challenges, privileged access management (PAM) is an essential tool. With PAM, administrative and other accounts with elevated privileges can be protected in a number of ways — periodic password randomization multi-factor authentication (MFA), robust authorization policies, and access audit logs that ensure access is business-appropriate and users are accountable for their actions.
Secure Access with Bravura Privilege
As part of the Bravura Security Fabric, Bravura Privilege can provide healthcare teams frictionless, elevated, and time-limited access to reduce IT security risk and enhance accountability.
Randomize Privileged Account Passwords
Bravura Privilege addresses risks due to shared, static passwords used to sign in to sensitive accounts with elevated privileges. Passwords are frequently randomized and stored in a secure, encrypted, distributed credential vault. With Bravura Privilege users can even be launched directly into sessions (SQL Studio, RDP, SSH) without the user ever seeing the password. This addresses the risk of direct attacks, for example via password guessing.
Securely Store Credentials
Bravura Privilege strengthens the security of login processes by leveraging multi-factor, adaptive authentication. Users who require access must first sign in to Bravura Privilege, typically by combining two credentials — something they have (e.g., a smartphone, badge, or token), something they know (e.g., a directory password), or something they are (e.g., a fingerprint scan). Users then request access to accounts and Bravura Privilege signs them into the target system automatically, injecting the current password from its vault.
Get Just-in-time Access
Bravura Privilege empowers organizations to apply flexible authorization rules. Based on their identity within the organization (job title, dept, etc), access to routine accounts may be automatically approved at request time. For high risk and infrequently used accounts users may either be granted persistent access (i.e., all requests for a given account are automatically approved) or may have to request one-time access (i.e., case system owners or other stake-holders must approve each access request).
Ensure Administrator Accountability
With Bravura Privilege, organizations establish strong accountability for the use of privileged accounts. To create forensic audit trails, user access is recorded, both as metadata (e.g., user X signed in to account Y on system Z) and optionally via video capture and keylogging. Bravura Privilege can secure access to any system that has a login process based on IDs and passwords. This includes operating system logins (Windows, AD, etc.), application logins and logins to network attached network devices, including patient monitors and other “medical IoT” systems.
A Single Solution for Healthcare Cybersecurity Needs
Bravura Security leverages decades of experience to deliver the industry’s only single platform Identity, Privileged Access, and Password Management solution, resulting in rock solid reliability, performance, and scalability.
The Bravura Security Fabric provides the technological and architectural building blocks to manage and protect your entire digital identity and access infrastructure from malicious attackers. It encompasses all of the Bravura solutions including Privilege, Identity, Pass, and Group, plus the Bravura Discover threat detection and response (TDR) layer in a singular, powerful platform.
Download the Privileged Access & Healthcare data sheet
An essential tool in the effort to secure access to critical healthcare systems is privileged access management. With this, administrative and other accounts with elevated privileges have their passwords periodically randomized. Multi-factor authentication (MFA), robust authorization policies and access audit logs ensure that access is business-appropriate and users are accountable for their actions.
Access to this document requires registration. Please fill in the form below.