Why It’s Time to Reassess IAM in Healthcare
Below are excerpts from the 7-15-2021 article in Healthcare InfoSecurity entitled “Why it’s Time to Reassess IAM in Healthcare.”
Read the full article here: https://www.healthcareinfosecurity.com/its-time-to-reassess-iam-in-healthcare-a-17081
Healthcare Providers’ Challenges
Experts note that different segments of healthcare can also face different difficulties with IAM.
“Providers face big challenges, payers less so, but more akin to other industries,” Johnson says. For instance, “roles and role-based access control have unique challenges for healthcare providers. The IAM industry has recognized this and created the idea of ‘personas,” notes former healthcare CIO David Finn, executive vice president at security and privacy consultancy CynergisTek.
Grant says it’s important for healthcare organizations to “make sure their CISO owns identity, or if not owning it, they at least need to have major influence and signoff over decisions.”
For instance, in many healthcare enterprises, “IAM is owned by healthcare delivery or IT operations – those groups generally don’t prioritize security,” he says. “And that’s what often leads to IAM being exploited by threat actors to steal data or launch ransomware attacks.”
Strengthening IAM
Jeremy Grant, a managing director at law firm Venable LLP and former senior adviser to the National Institute of Standards and Technology’s national strategy for trusted identities in cyberspace suggests that every healthcare organization should take time to review the Health Information Sharing and Analysis Center’s Framework for CISOs to Manage Identity.
- Related Resources & News
- Health-ISAC Hacking Healthcare 10-15-2024
- Health-ISAC Welcomes Booz Allen Hamilton to the Ambassador Program
- Health-ISAC Hacking Healthcare 10-9-2024
- Monthly Newsletter – October 2024
- Health ISAC leads effort to transform SBOM information sharing under CISA-facilitated community work
- CyberEdBoard Insights: Phil Englert and Errol Weiss
- Health-ISAC Hacking Healthcare 9-10-2024
- Strengthening Healthcare Cybersecurity: Lessons from Recent Supplier Attacks
- Specialize in Securing Critical Infrastructure
- How AI is transforming cybersecurity, on defense and offense