More Products, More Problems: Healthcare’s IT Inflection Point – Forbes


Chief technology officer at Imprivata, the digital identity company for life- and mission-critical industries.

Everyone talks about how healthcare is overwhelmed. That’s an understatement. Frankly, healthcare has been under tremendous stress since well before the pandemic. While IT isn’t the only factor inflating pressure, it’s a major contributor. Applications are decentralized and outdated, the fragmented IT environment has proven unsustainable, and change is necessary for digital transformation. But what exactly does that look like?

Picture this: a 360-degree view of all access throughout the environment. Of course, there’s a long road ahead to building the ideal strategy, but it’s critical to get started before potential risks become major issues. To benefit clinicians, patients and security, health systems must embark on the journey to digital identity security, starting by rationalizing their tech stack.

Digital Transformation Requires Rationalization

As mergers and acquisitions continue to dominate the industry, many healthcare delivery organizations (HDOs) are dealing with an excess of legacy and cloud applications that often result in high maintenance costs and a surplus of vendors. With dozens, if not hundreds, of disparate technologies in the tech stack, HDOs must prioritize rationalization to determine which applications and solutions are being used, how they are being used and how effective they are.

On average, businesses use over 970 applications, according to a 2022 Mulesoft survey. That may seem like a lot, but it’s not unusual for health systems to have significantly more. Some applications may have provided a quick fix but proved unsustainable. Some offered a shiny new capability and were purchased without thought for long-term viability. It’s easy to imagine how technologies could grow over time and become overwhelming to manage. For this reason, reducing the number of applications is necessary to reduce the IT footprint and improve visibility.

A smaller environment is cheaper to run, straightforward to manage and easier to secure. As HDOs decide which applications will be kept, replaced, removed or consolidated, they should abide by zero-trust standards.

The Zero-Trust Blueprint

Many industries are striving toward zero trust architecture (ZTA) as it enforces a “never trust, always verify” approach to identity and access management. Due to hybrid work environments and the expansion of the cloud, this method is the most effective in securing the modern “perimeter-less” network. For an industry like healthcare with myriad technologies, ZTA is a strong approach.

However, because ZTA requires added authentication, health systems need to be careful with the methods or products they adopt to improve security. Studies show clinicians spend over 15 minutes on average per patient accessing the information necessary to provide care. Imagine how time-consuming it would be to enter a username and 15-character password for multifactor authentication (MFA), in addition to initial logins. This would take precious time away from the care delivery process, resulting in frustrated clinicians and patients.

Fortunately, there are several ways HDOs can streamline access and authentication without sacrificing security. After rationalizing applications and evaluating ZTA, health systems will be prepared to take the most important step toward long-term, frictionless security: building a digital identity strategy.

Increasing Efficiency With Digital Identity

With such a complex environment, healthcare needs a strategy that focuses on securing the user (the digital identity) and their credentials, not the environment. According to a recent survey, 51% of healthcare organizations experienced a cyber incident in the past 12 months, with compromised credentials being a common attack vector.

To protect credentials, security must be invisible to end users. Digital identity makes this possible. For instance, by replacing logins with frequency badge tap or biometric authentication, clinicians can seamlessly access technology without the burden of entering a username and password. Not only does this save time, but it also reduces the security risks that come with passwords. The less often a user has to enter credentials, the less likely they are to come up with workarounds, or worse, write them down on a sticky note by the workstation (a major vulnerability).

Also, a digital identity strategy is easier for healthcare staff. IT departments are assets in ensuring healthcare runs smoothly, but with ongoing talent shortages, teams are overwhelmed. With an identity-centric approach, HDOs will have a smaller footprint with fewer technologies and applications to manage, update and monitor. This allows IT teams to operate at their full potential and focus on long-term security rather than short-term issues like help desk tickets or password resets.

Building Out The Strategy

Once implemented, a digital identity approach will enable HDOs to expand upon their security environment with ease. There are four core components organizations need to build out their framework:

1. Automated provisioning and deprovisioning with identity governance. Many IT departments manually provision user access. This process is often error-prone and a burden to IT staff, sometimes delaying a clinician’s ability to provide care. With automated identity governance, HDOs can get employees to work faster while improving security throughout the process.

2. Frictionless access with single sign-on. User logins need to be efficient in the fast-paced healthcare environment. Implementing no-click access single sign-on reduces the need for passwords while boosting security and workflow efficiency.

3. Adopt MFA. When MFA is coupled with password-less authentication methods, clinicians can enforce it quickly and efficiently, in turn securing credentials and verifying critical access.

4. Enforce privileged and vendor access management. HDOs often rely on external software vendors to access their network and complete a specific task. However, this is a common attack vector, as compromised privileged credentials can lead to cyberattacks. It’s critical that any vendor or third-party privileged access is monitored, managed and secured to protect your most sensitive information.

Between public health crises, staffing shortages, nursing strikes, cyberattacks and what feels like the race against technology, healthcare has reached a critical inflection point. It’s time to break down the barriers to patient care that technology has created. As cybersecurity continues advancing at a rapid rate, healthcare must evolve with digital identity.

