Written
by
Nam
Lam,
Country
Manager,
ANZ,
SailPoint.
The
healthcare
industry
continues
to
be
the
most
targeted
industry
by
cybercriminals
in
Australia,
with
the
sector
reporting
the
highest
number
of
notified
breaches
in
Australia
–
14%
of
497
data
breaches
–
to
the
privacy
regulator
in
the
second
half
of
2022, according
to
the
OAIC
report.
The
major
scale
of
the
Medicare
breach
recorded
in
October
last
year
was
one
of
the
last
to
shake
up
the
industry
to
its
core,
with
the
exposure
of
9.7
million
current
and
former
customers’
sensitive
data.
It
is
not
surprising
then
that 85%
of
Australians
see
data
privacy
as
a
major
concern,
displaying
a
lack
of
trust
and
confidence
in
sharing
their
personal
health
information
digitally.
Paired
with
continuing
challenges
with
chronic
staff
shortages
and
the
growing
number
of
data
privacy
and
information
security
regulations
impacting
the
industry,
the
healthcare
sector
stands
at
a
crucial
point
in
finding
the
right
balance
between
privacy
and
security
when
it
comes
to
accessing
Australians’
sensitive
data.
For
example,
whilst
My
Health
Record
has
been
available
to
Australians
for
over
10
years,
the
uptick
in
adoption
only
picked
up
its
pace
during
COVID
with
more
Australians
and
healthcare
providers
accessing
and
adding
to
the
existing
data.
The
accelerated
demand
of
digital
integration
and
deployment
of
data
has
been
a
catalyst
to
reviewing
how
medical
data
is
shared
and
accessed
safely
across
complex
and
highly
connected
ecosystems.
And
that
is
the
next
challenge
for
the
healthcare
sector.
What’s
promising
is
that
according
to SailPoint’s
“The
State
of
Identity
Security
2023:
A
Spotlight
on
Healthcare”
report, the
healthcare
industry
almost
universally
recognises
the
importance
of
identity
security,
with
95%
indicating
that
identity
security
is
either
a
relatively
important,
critical,
or
number
one
investment
priority
for
the
organisation.
Whilst
29%
of
organisations
recognise
it’s
their
number
one
investment
priority
amid
growing
cloud
adoption,
digital
transformation,
and
mergers
and
acquisitions
within
the
industry,
most
organisations
are
still
in
the
early
stages
of
identity
maturity
as
only
a
third
have
had
an
identity
and
access
management
program
in
place
for
more
than
two
years.
The
sector’s
vulnerability
is
therefore
still
high
and
as
the
growth
of
employee,
non-employee
and
non-human
identities
continue
to
proliferate,
it
is
no
longer
viable
to
give
users
broad
access
to
internal
healthcare
systems
as
human
error
and
insider
threats
are
the
cause
of
most
data
breaches.
Why
an
Identity
Security
strategy
is
a
must
As 93%
of
healthcare
organisations
experienced
an
identity-related
breach
in
the
last
two
years,
the
healthcare
sector
cannot
afford
to
ignore
identity
security.
In
order
to
keep
up
with
evolving
security
risks
and
prevent
financial
and
reputational
losses,
healthcare
organisations
must
implement
a
comprehensive
identity
program.
The
healthcare
sector
is
uniquely
challenged
with
securing
identities
with
one-to-many
roles,
multiple
authoritative
sources
as
well
as
several
non-employees
such
as
contractors,
affiliate
doctors and
temporary
healthcare
professionals
like
nurses,
imaging
technologists
and
therapists.
Having
an
identity
security
strategy
in
place
enforced
by
a
Zero
Trust
and
least-privileged
access
which
harnesses
AI,
provides
healthcare
firms
with
complete
visibility
over
all
the
direct
and
related
access
each
user
has
–
including
all
permissions,
entitlements,
and
roles.
Identity
management
is
key
to
ensuring
a
secure,
compliant,
and
efficient
infrastructure
as
it
enables
organisations
to
understand
and
manage
who
has
access
to
which
resources,
and
how
exactly
that
access
is
being
used
to
reduce,
adjust
or
remove
privileges
as
needed.
By
providing
all
internal
and
external
users
the
minimum
amount
of
access
to
resources
required
to
perform
their
job,
healthcare
organisations
can
mitigate
the
risk
of
compromised
credentials.
With
tighter
security
controls
in
place,
Australians
would
also
feel
more
assured
to
share
their
private
health
information.
Adopting
a
SaaS-first
approach
Healthcare
organisations
are
typically
built
on
legacy
systems
which
are
more
vulnerable
to
cyberattack
exposure.
Their
infrastructure
not
only
poses
a
risk
to
their
security
due
to
their
human
and
manual
centred
processes,
but
also
affects
their
operational
efficiency
due
to
inflexibility
in
integrating
with
innovative
solutions
to
automate
all
identity
decisions.
Implementing
a
true
native
Software-as-a-Service
(SaaS)
approach
with
identity
security
which
is
interoperable
with
a
mix
of
on-premise
and
cloud
environments,
can
provide
IT
teams
with continuous
and
accurate
visibility
into
their
entire
SaaS
environment.
This
visibility
reduces
the
strain
on
IT
teams
by
allowing
controls
to
be
set
up
to
govern
all
SaaS
access,
control
software
spend,
and
secure
identities
to
combat
cyber
threats, whilst
delivering
enhanced
data
security,
telehealth,
and
improved
patient
engagement.
In
the
recent
report
by
SailPoint,
38%
of
healthcare
firms
said
that
managing
access
is
time-consuming,
with
a
typical
healthcare
IT
professional
spending
more
than
a
third
of
their
week
managing
access
and
permission
for
identities. An
automated
identity
approach
can
easily define
user
roles
and
create
policies
for
access, giving
healthcare
workers
fast,
simple
and
error-free
access
to
the
data
and
critical
resources
they
require
to
care
for
patients.
With
an
AI-driven
process
to
review,
refine
and
evaluate
roles,
healthcare
organisations
can
improve
compliance, meet
regulatory
requirements,
and
deliver
successful
audit
outcomes.
With
an
integrated,
intelligent
and
automated
identity
security
strategy
that
provides
visibility
and
insights
to
extend
access
at
the
right
time
by
monitoring
behaviour
patterns
and
allowing
IT
managers
to
spot
risky
access
faster,
healthcare
firms
will
not
only
benefit
from
enhanced
security
to protect
patient
data but
also
improve
operational
efficiency
to
deliver
a
seamless
patient
experience.
About Author
