8 April 2021
How to protect digital identities for better risk management
The healthcare industry has been disrupted like no other over the last year.
Given the criticality of Australia’s healthcare system, a seamless, secure, and reliable identity security system has never been more important. Whether it’s onboarding new staff, placement of temps, or a sudden spike in COVID cases, an increase in personnel and activity can create vulnerabilities throughout IT operations.
Knowing who requires access to systems and data, and to be able to modify access or remove it as people change roles should be high priority. The latest Office of the Australian Information Commissioner (OAIC) data breach report revealed the health sector to be once more the number one industry reporting data breaches. This sector has consistently reported the most data breaches since the Notifiable Data Breaches scheme began in 2018.
The risks of ineffective or insufficient identity security
Change is constant within an organisation so it’s important that the technology evolves with the business to keep up with changing needs and wants. If not, an organisation risks an ineffective or insufficient identity security program, increasing its vulnerability to cyber-attacks, data breaches, or someone having access to data they shouldn’t.
If an employee moves to a different area, or even leaves the organisation, it’s crucial that they are properly offboarded from the network. Failure to deprovision or remove the account leads to an orphaned account, containing all the data from the previous user but remaining unassigned. This becomes a gold mine for hackers if undetected without a proper identity security solution.
How a strong identity security program can meet business needs
Implementing an automated one-stop system that maintains the confidentiality and availability of protected health information flowing through the system is crucial. The OAIC report states that 38% of data breaches were due to human error – a increase of 18% since the previous report. Not only will an identity security system increase productivity, but it will simultaneously minimize the risk of human error and the potential infiltration of cyber attackers by seamlessly managing the network automatically.
Why AI and ML are key components in risk management and protecting digital identities
Especially within the healthcare sector, there are many levels of users and different systems tied in with some automatic robotic processes. This high level of activity generates tremendous amount of data and, often, finding anomalies is like searching for a needle in a haystack.
Artificial Intelligence (AI) and machine learning (ML) can identify anything out of the ordinary, whether it be on system permissions, or user activity. By implementing AI and ML to reduce or remove the manual filter many enterprises have for permission settings and access logs, it will make the task more time-efficient and highly accurate by minimising the chance of human error.
Helping major healthcare providers on the frontlines of fighting the pandemic
All eyes were on the healthcare sector last year and the events of 2020 called for an uptake of employees. New York City Health + Hospitals is the largest public healthcare system in the US; Andrew Greenspan, senior director of identity security at NYC Health & Hospitals said they didn’t have to adapt too much from the extra activities of the pandemic as SailPoint was able to meet the demands of extra support.
By implementing an automated lifecycle process for employee records with an electronic health record (EHR) system, NYC Health + Hospitals were able to successfully onboard 10,000 new employees in a six-week period. Previously, 11 different provisioning processes were used for onboarding and offboarding across multiple hospitals, but it has since been consolidated into one automated process. Greenspan says that this has turned a multi-day process into one that takes an hour.
Risk management can be made simple by embracing the features of AI and ML, while increasing productivity and efficiency by automating processes to constantly monitor and identify any unusual behaviour. It can be overwhelming trying to manage a constant stream or high volumes of data but having a strong identity security system in place will remove the headache of trying to keep up with who has access to what, and ensuring the organisation remains compliant.
Terry Burgess is the Vice President of Asia Pacific Japan at SailPoint, which provides an integrated set of cloud-based services, including compliance controls, provisioning, single sign-on and data access governance.