Healthcare is experiencing an onslaught of challenges. The Covid-19 pandemic, increased cost and movement of labor, talent shortages, and the rise of telehealth options have upended the traditional healthcare environment. Cyberattacks pose more risk than ever, as government compliance measures and economic turbulence add to the overwhelming complexity. Naturally, healthcare demands continue unabated. Yet, there’s one challenge creating major barriers to growth: the lack of investment in aligned and integrated cybersecurity controls.
The Human Cost of Cyber Attacks
Healthcare delivery organizations (HDOs) are seeing cyber threats become more dangerous, sophisticated, and unfortunately, common. Thanks to rapid digitization, the attack surface area has expanded, giving bad actors more “opportunity” to pursue. In fact, recent research indicates that 99% of healthcare IT security leaders have experienced a cyberattack in the past 12 months. Plus, a new report from JAMA found that the private health information (PHI) of nearly 42 million people was exposed due to ransomware between 2016 and 2021.
The repercussions of attacks also have a human cost. A recent Imprivata report found that 32% of HDOs have been forced to divert patients to other healthcare facilities in the past year alone. Additionally, 31% said attacks have delayed procedures and tests, resulting in poor outcomes for patient care. Simply put, cyberattacks compromise healthcare’s ability to function and can lead to negative or even fatal outcomes. This alone calls for HDOs to develop a cybersecurity strategy that puts digital identity at the core, ensuring they can let the right people in and keep the wrong people out.
Protecting Healthcare Organizations and Patients Means Protecting the Digital Identity
Considering the evolving threat landscape, it’s no surprise that spending on information security and risk management is predicted to grow 11.3% to reach $188.3 billion in 2023, according to Gartner. That said, it’s important to recognize that not all security strategies are created equal. For example, Zero Trust aims to improve verification and bolster security. However, broad deployment is trailing, mostly due to complexity and limited integration. Plus, implementing Zero Trust Architecture (ZTA) can be daunting. Healthcare's environment is comprised of decentralized, mixed ecosystems that make it challenging to balance security and compliance with quick clinical access. Without a plan that considers the challenges of this fragmented infrastructure, healthcare will continue to struggle.
So, what’s the best approach? Comprehensive digital identity management. This puts identity access management at the center of security, and it’s critical to thwarting threats, safeguarding patients, and reducing costs over time. There are three core pillars: establishing user access controls, monitoring user activity, and enabling access without hindering workflows. Enforcing password-less authentication is a key component of digital identity, as it protects credentials and makes logins practically invisible through biometrics or badge tap access, while efficiently enforcing Zero Trust policies. As threats evolve, strategies must adjust. This approach is key to reducing complexity, achieving compliance, and accounting for human error.
Implementing a digital identity strategy requires a multi-year plan and significant (but necessary) investment. With healthcare being rocked by financial instability and rising costs, some stakeholders may question the effectiveness of investing in cybersecurity resilience compared with implementing immediate protocols for data protection. However, long-term investment in identity will alleviate resource constraints, reduce burnout, and lead to reduced risk over time, greater efficiency, and more return on your investment.
The Identity Fragmentation Conundrum
Following the onset of remote work, some HDOs rushed to implement solutions that provided a quick fix but haven’t proved sustainable. Working with multiple security vendors and products can be confusing and create barriers to effective integration. By partnering with a strategic digital identity provider, HDOs can assess their security posture through a single pane of glass to determine the best method for their environment.
While it’s possible to develop fragmented security infrastructure from several different software sources, the most cost- and time-efficient method requires a holistic strategy, with strong integrations between products to grant 360-degree visibility through a single platform.
There are four core solutions organizations can implement to build their digital identity foundation: privileged access management (PAM & VPAM), single sign-on (SSO), multi-factor authentication (MFA), and identity governance and administration (IGA). Together, these solutions offer frictionless access and authentication to trusted users, monitor all privileged and vendor access, safeguard credentials, and enforce access controls – building a strong framework for continued growth in digital identity security.
With cyberattacks becoming more insidious, HDOs must fundamentally rethink their cybersecurity and consider a digital identity-centric strategy. With expanded budget in 2023, healthcare organizations can make reliable decisions that ensure their infrastructure can remain agile amid the evolving threat landscape. A holistic approach to digital identity management will alleviate IT burdens, reduce clinician time spent with technology, and, most importantly, improve patient care.
Author: Gus Malezis, CEO at Imprivata
Bio: Gus Malezis is the President and Chief Executive Officer of Imprivata. Gus is widely recognized as a visionary leader in the information technology security industry, where he brings more than 30 years of experience driving innovation and growth while building market-leading organizations.