Hospitals are not only forced to maintain security for their own users, but also the third party vendors they need to interact with on a regular basis. Third party cyber attacks have become prevalent across numerous industries, not just healthcare. And with companies trusting the responsibility of maintaining third party security with those same third party vendors, it’s no wonder these types of attacks are so appealing to hackers and bad actors. One only needs to look at last year’s ransomware
attack on Olympus to see the ramifications and pervasiveness of this type of breach.
When considering the number of users and applications who need access to healthcare networks, the very real threat of phishing attacks opens another entry point for bad actors to compromise a system. Phishing, spear phishing, and the latest versions of SMShing (phishing via SMS) all seek to compromise a user’s machine, which would grant the bad actor access to sensitive network locations.
Most users are probably familiar with these types of attacks, which occur when a bad actor sends a user a malicious attachment or link. Attackers can pose as a company executive or supervisor, encouraging employees to click on these links while using company emails or on company networks. In turn, hackers can breach an entire organization.
Moving forward
When taking all of these threats and vulnerabilities into account, healthcare organizations ultimately need to shift toward security systems that can confirm and leverage identity across all of the modes, users, and services that healthcare uses. This approach will ensure that only authorized and verified users are given access to the specific applications, services, or resources they need to do their jobs.
In practice this will look like transitioning from what is likely a perimeter-based security system to one rooted in identity-based access. This one simple step will decrease the chances of a data breach, without compromising the experience for everyday users. In short, identity-based access works under the notion that every user must be authorized every single time they enter a network before granted access. And further, this approach grants a user or application only to the resources a given user needs for their role. In order for healthcare facilities to combat growing cybersecurity threats, organizations need to reevaluate their existing security systems and ensure their updates are rooted in identity-based access.
About the author: Almog Apirion is CEO and Co-founder of Cyolo, a company dedicated to introducing the first real zero-trust solution, a safer architecture that allows organizations to securely connect all users to their working environments. Cyolo strives to help organizations stay agile, secure and productive – whatever the situation, wherever their users are located.
Back to HCB News
