Data breaches related to compromised privileged credentials are on the rise nationwide and continue to plague businesses in many critical infrastructure sectors, including the healthcare industry.
according to Verizon’s 2021 Data Breach Investigations Report, 80% of breaches involve compromised credentials, one of the most common entry points for threats.according to The cost of data breach reporting in 2021 According to research from IBM and the Ponemon Institute, compromised or stolen user credentials are the most common root cause of data breaches in 2021, with the longest time to identification (250 days on average).
at the same time, 2022 CrowdStrike Global Threats Report Noted that attackers are increasingly trying to achieve their goals without writing malware to endpoints. Instead, they are ramping up their innovation efforts to use identities and stolen credentials to bypass traditional defenses. In fact, according to the report, 62% of attacks indexed in Q4 2021 were non-malware, manual keyboard activity.
This is sobering news for healthcare providers, especially since medical information is widely believed to be Value between 10 and 40 times Not just credit card numbers on the black market. This is a worrying trend because medical records contain a patient’s Social Security number, which, unlike credit card numbers, never changes. The potential for cybercriminals to hijack personally identifiable information (PII) and use patient identities to commit fraud has become alarming. Medical record information can be used to purchase prescriptions, receive treatment, or make false medical claims.
At the same time, healthcare organizations and their enterprise networks and application infrastructures are undergoing digital and modern transformation. Like government and the private sector, healthcare organizations’ infrastructure is a mix of on-premises and cloud—a hybrid model of on-premises servers, storage, cloud workloads, software-as-a-service (SaaS) applications, and laptops and workstation desktops (Many are in “work from anywhere” mode). Combined with the explosion of end users, applications and devices that always seem to be changing, the modern healthcare environment introduces a wider potential attack surface. Reducing the attack surface remains a critical task for cyber defenders.
One of the most effective ways to reduce the attack surface is segmentation. But which type of segmentation should be used – network-centric or identity-centric?
Network Segmentation and Identity Segmentation
Network segmentation has existed for many years and is considered one of the core elements of network segmentation NIST SP 800-207 Zero Trust Framework. Network segmentation is a strategy used to isolate and isolate segments within an enterprise network to reduce the attack surface. While network segmentation reduces the attack surface, this strategy does not protect against identity-related adversary techniques and tactics. In fact, the segmentation method that offers the greatest risk reduction with reduced cost and operational complexity is identity segmentation.
Identity segmentation restricts access to applications and resources based on identity. These identities can be human accounts, service or program accounts, and privileged accounts.have more than 80% of attacks leverage user credentials, Perimeter security should be closer to the user – the “last line of defense”. Identity protection is the most important aspect of a zero trust security framework, limiting the attack surface that attackers can exploit. Identity segmentation enforces risk-based policies to restrict resource access based on employee identity.
Reduce cybersecurity challenges
An important feature of identity segmentation is the application of multi-factor authentication (MFA) to every conceivable application, even those for which MFA is not normally amenable.By segmenting end users based on behavior, network leaders can actually make the network more secure less This is a burden for workers, such as doctors and nurses, who need to access the same app multiple times throughout the workday. For example, doctors and nurses should not perform multi-factor authentication every time they visit the same asset. Instead, security administrators can separate low-risk users from those who need access to high-risk assets based on the devices they use, their identities, and the applications they use. Using these behavioral insights, MFA can be applied more frequently to those end users who exhibit higher risk, while mitigating the MFA challenges faced by end users engaged in low-risk workflows.The best identity segmentation solution will be no Treat every user equally.
Improve your identity security posture
Network segmentation is an important part of Zero Trust protection. However, healthcare IT and security teams can significantly reduce their organization’s threat exposure by focusing on the hacker’s most important target: employee identities. By applying identity segmentation and real-time detection and prevention of identity-related events, healthcare organizations can gain visibility into attack paths across the entire identity environment. They can limit the attack surface by continuously assessing identity gaps in their hybrid IT environment. They can do this by adding frictionless, risk-based authentication MFA and increasing security coverage by extending it to legacy systems and tools.
A cybersecurity program is a very important part of delivering modern healthcare. The industry continues to make great strides on the path to digital health transformation. Unfortunately, this journey has had unintended consequences, including an expansion of the cyber attack surface. Adversaries exploit these opportunities by hijacking healthcare systems, deploying ransomware, and stealing data. Healthcare organizations must now take additional innovative steps to transform their cybersecurity programs. A safety plan should not only support and protect their organization’s digital health investments, but also protect healthcare teams focused on providing better, safer, and more accessible care for patients and families.
but most Importantly, they must establish networking programs that protect patients and families, ensuring that health systems remain responsive to the needs of the communities they serve. Modern digital healthcare services require a cybersecurity transformation.
Photo: Getty Images, weerapatkiatdumrong
