Many organizations do a reasonably good job at limiting access to data and systems for their general user population. When it comes to privileged access, however, most simply attempt to limit who and how many people have this type of access without considering the intrinsic risks of granting wide-open root or admin level access.
The latest data breaches have been the result of attackers gaining elevated privileges to systems by compromising a privileged user’s credentials and then using the authorized access to infiltrate data..
How Unmanaged Privileged access affects health IT
Every organization should have special control over Vendors, third parties, especially those in Healthcare IT should have special care because of compliance they need to follow.
As current HIPAA guidelines stand, organizations only are required to verify that identities are tied to the person claimed, typically through some means of multi-factor authentication. The HIPAA requirements, the primary driving force for protecting patient data, don’t mandate that organizations restrict access or abilities of privileged accounts once they’ve been properly authenticated.
Given the complexity of typical healthcare environments, a better way to control privileged access in a healthcare setting is crucial to protecting PHI. As per the ADHICS (Abudhabi healthcare information and cyber security Requirements) section B point 4 talks about password management, Information access management that can easily be achieved by implementing a PAM solution.
Investing in a current PAM solution would be a great first step, but implementing one that provides for more granular control is a much better and more secure solution.
For Information on Privileged Identity Management contact 0524908692 or mail me at email@example.com