Safeguarding Australia's healthcare systems with identity security


By Nam Lam, Country Manager, ANZ, SailPoint
Friday, 30 September, 2022

Healthcare data breaches in Australia have reached record levels. According to the OAIC, the health sector recently reported 83 data breaches, making it the highest-reporting industry sector. Health service providers also reported an equal number of breaches resulting from malicious or criminal attacks and from human error (47% each). With health care now included under the Security of Critical Infrastructure Act (SoCI Act), there’s clear recognition that the sector is of key interest from a national security perspective.

COVID-19 has created several challenges for Australia’s healthcare organisations, such as a surge in cyber attacks, with threat actors using various methods to infiltrate systems and networks, and a lack of skilled labour across the industry. Remote working has also expedited digital transformation in health care, despite underinvestment in corporate and clinical-based systems that have a significant footprint in legacy, on-premise architectures.

In addition, with OAIC’s recent report confirming that almost two-thirds (65%) of cyber incidents involved malicious actors gaining inside access to accounts using compromised or stolen credentials, it is no surprise that 70% of Australian citizens see privacy as a major concern, indicative of their lack of trust and confidence in sharing their personal health information digitally.

With the above at play and thousands of identities hard at work within these organisations, it is a struggle to keep up as digital systems and data continue to proliferate. It is no longer viable to give users broad access to internal healthcare systems.

What’s the relevance of identity security?

Given that most Australian data breaches are due to insider threats, identity security needs to be a key consideration for all cyber and digital strategies. Identity security enables complete visibility and orchestration of granular access for all user types, including all their permissions, entitlements and roles. This ensures healthcare workers such as clinicians, pharmacists and social workers have access only to the resources and applications they need to perform their job function.

Subsequently, healthcare organisations can enforce a least-privileged access posture, which will help with reducing the number of data breaches within health care, as every single identity in the organisation will only have the minimum amount of access required for their job. With tighter security controls in place, Australian citizens would feel more assured to share their private health information.

Furthermore, identity security adds value in addressing legislative, regulatory and compliance obligations required by the SoCI Act, in a cost-effective manner. This is achieved by seamlessly integrating with existing systems and empowering non-IT health care users to own and drive access audit requirements via an intuitive, user-friendly interface, suitable for non-technical users.

From legacy to SaaS-first

Healthcare organisations are typically built on legacy systems, which have inherent security risks and are labour-intensive to maintain. Legacy infrastructures are often inflexible and rely on manual processes for tracking user identities, leaving room for human error, which may result in security loopholes that can be exploited by cyber attackers.

Taking a true native SaaS approach to identity security, one that is interoperable with a mix of on-premise and cloud environments, prevents time-intensive manual processes and reduces legacy debt by being version-less and ensuring innovation is always on. This also helps free up the IT maintenance workload and reduces risk for healthcare organisations, as all general and security upgrades are taken care of from the cloud.

With a SaaS model, healthcare organisations need not worry about IT overhead and operational costs and can expect a more transparent total cost of ownership. Other benefits include enhanced data security, telehealth and improved patient engagement while improving productivity and reducing pressure on employees.

Given the labour shortage, a SaaS-first approach provides continuous agility to the evolving nature of the healthcare sector, enabling healthcare workers to focus on their key responsibility — providing optimal patient care.

A critical move towards AI-driven identity security

Artificial intelligence (AI) further empowers healthcare organisations through a self-driving approach to identity security.

By leveraging AI and machine learning, healthcare organisations can get intelligence and insights into access privileges and abnormal entitlements and provide users with the right access at the right time. They can also automatically modify or terminate access based on changes to a user’s attributes or location, and automatically perform remediation actions when risky activity is detected.

With an integrated, automated and intelligent identity security strategy, healthcare organisations can make better and faster access decisions to provide a secure and seamless patient experience.

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd