The UK’s healthcare sector is responsible for protecting some of the country’s most sensitive personal information and thanks to the rise of connected healthcare, brought about by advances in the likes of wireless devices, sensors and wearable technology, the amount of data being handled is rapidly growing.
It is being spread increasingly far and wide, often outside the perimeter of the corporate firewall.
The business of healthcare has drastically changed in a short amount of time. As such, cyber security is fast becoming one of the biggest concerns for the healthcare industry, with more pressure than ever before to minimise the damage associated with a data breach.
This can be a daunting task for digital healthcare providers in particular, given the nature of the information they deal with.
While addressing the fear of coming under external attack is an important part of the puzzle, for many data breaches the risks lie much closer to home.
Insider threats can result from human error or intentional theft, but both are equally damaging for health professionals that aren’t prepared.
In today’s digital world, users need access to a myriad of critical systems, applications, and data in order to do their jobs. This can be particularly challenging for large provider organisations, where users have multiple roles.
>See also: The (2nd) year of the healthcare hack
This makes it nearly impossible for organisations to ensure that each individual has the right access.
This is complicated further when you consider how the IT landscape now encompasses a hybrid approach of on premise and cloud-based applications, as well as mobile environments. It calls for an increasing need for visibility and control across an organisation’s users and their activity.
At the same time, hackers have moved on to the human attack vector (employees, contractors, partners and even suppliers).
In many cases, a legitimate identity is knowingly or unknowingly hijacked for illicit purposes.
In order to prevent or minimise data breaches tied directly to insiders, organisations must take a user-centric approach to security.
By leveraging strong, governance-based controls for managing access to sensitive information, or by putting identity and access management (IAM) at the center of the security strategy, organisations can ensure they have a single, unified view into and automated control over all user access, minimising their risk of insider threats, sabotage or fraud.
With growing scrutiny around protecting access to private and personal health information it is essential that businesses ensure their users have the right access at the right time to perform their work, and that access can be automatically revoked when it is no longer needed.
At the same time, when an identity-based breach does occur, organisations need to ensure they have the visibility to understand where they are exposed and how to address that quickly.
While prevention is, of course, still crucial, there are definitive steps that can be taken to increase resiliency and potentially reduce the negative impact of a breach when it does occur.
Those that don’t shift to a user-centric view of security could be leaving not only their patients and customers exposed to incredible risk, but their business too; inadvertently providing fuel for the fire and joining the growing list of data breach headline-hitters.
Sourced by Kevin Cunningham, president and founder of SailPoint