If you had the opportunity to attend the 2019 HIMSS Conference last week, you were probably made keenly aware by vendors, speakers, and exhibitors of the growing interest of cybersecurity in healthcare. The healthcare statistic is staggering: 15 million patient records were breached in 2018, triple the number from just the year before. And while there are signs everywhere that the industry is paying more attention, it doesn’t make preparedness and remediation any easier.
In fact, managing digital security in healthcare may be an even greater challenge now since industry influencers and consumers alike are immediately made aware when something goes wrong - thus driving the costs of remediation through the roof. Cybersecurity insurance premiums are on the rise and, in many cases, the effective coverage is significantly less than the total cost to cover affected consumers. Plus, the ecosystem is growing. Patients are taking on more accountability for their healthcare program and traditional consumer device manufacturers are now building healthcare devices. The control over how healthcare is determined, developed, and distributed is shifting to include more players. And with those entrants comes a new level of complexity.
Protecting digital identities offers a solid foundation for healthcare organizations to build a trusted networking environment. HDOs should think of their organization as an entity with identities. These identities are made up of people, applications and devices, and have a lifespan from creation to expiration and renewal. To create a truly secure environment, every identity within the organization must be covered by layers of digital security.
Keyfactor just released a study with Ponemon Institute that summarizes what happens when these identities are not secured, and the report is startling. The Impact of Unsecured Digital Identities provides insights and data that can enable HDOs to fortify their strategy for digital security.
Meaningful Keyfactor-Ponemon Report Insights
- Digital identities are generally an under-budgeted and under-resourced area within IT security.
- Manual tracking (as opposed to automated tracking) of identities' lifecycle leads to expiration without warning, leaving them vulnerable and open for breach.
- 70% of healthcare organizations are adding layers of encryption technologies to secure IoT devices.
- 83% of healthcare respondents agree that failing to secure digital identities undermines the trust their organization relies upon to operate.
- The average healthcare organization has experienced a failed audit or compliance due to undocumented or unenforced identity management policies or from insufficient identity management practices almost 5 times in the past two years.
Healthcare respondents agree that the ability to discover, inventory and automate digital identities is one of the greatest challenges IT teams face, and the associated costs are mind-boggling. The average economic loss for healthcare orgs from an expired identity is $10.6 million.
Risk mitigation means that other areas of the organization like audit and compliance have a role to play. These teams are becoming less confident that certificate and key management is meeting standards. According to the report:
- There is a 40% likelihood that healthcare organizations will experience the theft of digital identities over the next 24 months
- The theft of digital identities costs healthcare organizations an average of $13.2M due to increased support time, diminished IT staff and user productivity, immediate revenue loss, and diminished brand or reputation.
Whether you’re the IT or cybersecurity expert who’s managing the day-to-day, a legal analyst, or CFO, understanding and appreciating what it takes to effectively manage digital identities across your organization is critical.