Below are excerpts from the 7-15-2021 article in Healthcare InfoSecurity entitled “Why it’s Time to Reassess IAM in Healthcare.”
Read the full article here: https://www.healthcareinfosecurity.com/its-time-to-reassess-iam-in-healthcare-a-17081
Healthcare Providers’ Challenges
Experts note that different segments of healthcare can also face different difficulties with IAM.
“Providers face big challenges, payers less so, but more akin to other industries,” Johnson says. For instance, “roles and role-based access control have unique challenges for healthcare providers. The IAM industry has recognized this and created the idea of ‘personas,” notes former healthcare CIO David Finn, executive vice president at security and privacy consultancy CynergisTek.
Grant says it’s important for healthcare organizations to “make sure their CISO owns identity, or if not owning it, they at least need to have major influence and signoff over decisions.”
For instance, in many healthcare enterprises, “IAM is owned by healthcare delivery or IT operations – those groups generally don’t prioritize security,” he says. “And that’s what often leads to IAM being exploited by threat actors to steal data or launch ransomware attacks.”
Strengthening IAM
Jeremy Grant, a managing director at law firm Venable LLP and former senior adviser to the National Institute of Standards and Technology’s national strategy for trusted identities in cyberspace suggests that every healthcare organization should take time to review the Health Information Sharing and Analysis Center’s Framework for CISOs to Manage Identity.