Healthcare data breaches in Australia have reached record levels. According to the OAIC, the health sector reported 83 data breaches, and is the highest reporting industry sector. Health service providers also reported an equal number of breaches resulting from malicious or criminal attacks and human error (47% each). With healthcare under the Security of Critical Infrastructure Act (SoCI Act), there’s clear recognition that the sector is of key interest.
Covid-19 has created several challenges for Australia’s healthcare organisations, such as a surge in cyber attacks, with threat actors using various methods to infiltrate systems and networks, and a lack of skilled labour across the industry. Remote working has also expedited digital transformation in healthcare, despite the underinvestment in corporate and clinical-based systems with a significant footprint in legacy, on-premise architectures.
In addition, with OAIC’s report confirming that almost two-thirds (65%) of incidents involved malicious actors gaining inside access to accounts using compromised or stolen credentials, it is no surprise that 70% of Australian citizens see privacy as a major concern, indicative of their lack of trust and confidence in sharing their personal health information digitally.
With the above at play and thousands of identities hard at work within organisations in the health sector, those organisations struggle to keep up as digital systems and data continue to proliferate. It is no longer viable to give users broad access to internal healthcare systems.
What’s the relevance of identity security?
Given that most data breaches are due to insider threats, identity security needs to be a key consideration. Identity security enables complete visibility and orchestration of granular access for all user types, including all of their permissions, entitlements, and roles. This ensures healthcare workers such as clinicians, pharmacists and social workers only have access to the resources and applications they need to perform their job function.
Healthcare firms can enforce a least-privilege access posture, which will help reduce the number of data breaches within healthcare, as every single identity in the organisation will only have the minimum amount of access required for their job. With tighter security controls in place, Australian citizens would feel more assured about sharing their private health information.
Identity security adds value in addressing legislative, regulatory and compliance obligations required by the SoCI Act, in a cost-effective manner. This is achieved by seamlessly integrating with existing systems and empowering non-IT healthcare users to drive access audit requirements via an intuitive, user-friendly interface, suitable for non-technical users.
From legacy to SaaS-first
Healthcare organisations are typically built on legacy systems, which have inherent security risks and are labour-intensive to maintain. Legacy infrastructures are often inflexible and rely on manual processes for tracking user identities, leaving room for human error, which may result in security loopholes that can be exploited by cyber attackers.
Taking a true native Software-as-a-Service (SaaS) approach to identity security, one that is interoperable with a mix of on-premise and cloud environments, prevents time-intensive manual processes and reduces legacy debt by being version-less and ensuring innovation is always on. This also helps free up the IT maintenance workload and reduces risk for healthcare firms, as all general and security upgrades are taken care of from the cloud.
With a SaaS model, healthcare organisations need not worry about information technology overhead and operational costs and can expect a more transparent total cost of ownership.
Other benefits include enhanced data security, telehealth, and improved patient engagement while improving productivity and reducing pressure on employees. Given the labour shortage, a SaaS-first approach provides the agility to keep pace with the evolving nature of the healthcare sector, enabling healthcare workers to focus on their key responsibility – providing optimal patient care.
A critical move towards AI-driven identity security
AI further empowers healthcare firms through a self-driving approach to identity security. By leveraging AI and machine learning, healthcare firms can get insights into access privileges and abnormal entitlements and provide users with the right access at the right time. They can also automatically modify or terminate access based on changes to a user’s attributes or location, and automatically perform remediation actions when risky activity is detected.
With an integrated, automated, and intelligent identity security strategy, healthcare firms can make better and faster access decisions to provide a seamless patient experience.
Nam Lam is the ANZ Country Manager at SailPoint.