banner

Blog

Nov 02, 2024

The Importance of Effective Identity and Access Management for Zero Trust in Healthcare | HealthTech Magazine

Mike Grisamore is Vice President of Healthcare at CDW.

There are many moving parts in a healthcare environment, whether at a large organization with facilities in multiple states or a small community health center in a rural area. A single health system could have many teams that require access to its network to complete important tasks, from third-party vendors that provide food or laundry services to temporary staff members who are brought on as support during a health emergency.

In 2021 alone, 96% of healthcare facilities reported using temporary allied healthcare professionals to supplement their workforces, according to a report from staffing company AMN Healthcare. These are workers other than physicians and nurses, and include physical therapists, speech-language pathologists and more.

A hybrid workforce means that a security perimeter that encompasses only the physical hospital is no longer compatible with modern work. Amid these myriad issues, identity and access management (IAM) remains a major challenge as organizations move toward a zero-trust approach to security.

Click the banner below to find out how IAM improves healthcare security and simplifies access.

Healthcare organizations handle critical, sensitive data, but not everyone needs access to that data at all times. And with staff turnover and other organizational changes, IT teams must ensure that access is managed appropriately and with minimal interruptions to workflow.

“Effective IAM lets users access the data they need without undue risk, excess privileges or a cumbersome user experience,” write several CDW security experts in a 2024 white paper. “In fact, IAM can help organizations resolve the perceived tension between cybersecurity and UX, as simpler security procedures tend to increase employee compliance. IAM is also a prerequisite for zero trust, an effective defense against data breaches.”

Identity is one of the five pillars of the Cybersecurity and Infrastructure Security Agency’s Zero Trust Maturity Model. According to the agency, “zero trust presents a shift from a location-centric model to an identity, context, and data-centric approach with fine-tuned security controls between users, systems, applications, data, and assets that change over time.”

Healthcare IT teams must manage hundreds if not thousands of identities, and the fluctuating nature of the workforce poses significant hurdles. Leaders from Ohio-based aging services provider Eliza Jennings discussed their experiences during the LeadingAge 2023 Annual Meeting and Expo.

Senior care organizations rely on temporary workers in many departments, and managing temporary credentials has proven to be a difficult task. Though universal login credentials are useful for efficiency, they’re not ideal from a security standpoint. Access to physical spaces is also a key consideration for ongoing security training and management.

“I think that we get a little complacent a lot of times with keys and access, especially with offboarding employees, making sure the keys are collected and we’re documenting. So, include them in the training as well,” Vice President of IT Michael Gray said during the session.

A 2023 Okta survey found that more than 9 out of 10 healthcare respondents named identity as either very important or somewhat important to their zero-trust security strategies. However, when it comes to how healthcare organizations verify internal and external users, passwords were still the top method at 61%, followed by security questions at 51% and one-time passwords in hardware at 38%.

READ MORE: Getting identity management right is crucial for healthcare security.

Healthcare organizations that strengthen their IAM will find improvements in third-party management, increased efficiency for IT teams and reduced security risks.

Health systems inevitably will work with multiple vendors, but they can still shore up their approach to third-party risk management. “IAM helps organizations manage these risks by applying managing lifecycle access through rigorous authentication and access controls to third-party users. This includes limiting their privileges and revoking access when it is no longer needed. IAM solutions can simplify these processes by increasing visibility into third-party access privileges and histories and assigning access based on carefully defined roles,” the CDW experts write.

IAM solutions can reduce complexity and support IT teams with customizable workflows and policies, dashboards and other features. Automation can streamline onboarding and offboarding processes and reduce error.

And as concerns grow about insider threats, IAM solutions allow IT teams to monitor user activity and enforce least privilege access. “IAM also addresses vulnerabilities arising from human error, including weak passwords, susceptibility to phishing, and outdated software or devices,” the CDW experts note.

Click the bannerbelow READ MORE:
SHARE