Granular access control: Anthem and healthcare lessons

September 07, 2017//Ellen Neveux

Last Updated: November 18, 2020

Healthcare has faced a number of cybersecurity challenges over the past five years. Symantec's 2017 Internet Security Threat Report listed healthcare second in the services industry for cyber-breaches, up 22% in 2016 compared with 2015.

In an article by Marianne Kolbasuk McGee on BankInfoSecurity.com, industry leaders discuss the key factors to consider when protecting your network in this space – and it’s all about access control.

Anthem Breach Lesson: Why Granular Access Control Matters

Healthcare organizations can learn important lessons from the proposed $115 million settlement in the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.

One of the key lessons emerging from the Anthem breach case, which impacted nearly 79 million individuals, is the need for more granular control of access to sensitive data, says Fox, who’s global chief technology officer of healthcare and life sciences at MarkLogic, a database software vendor.

The breach shows the importance of access control because it stemmed from a phishing attack that exposed credentials, paving the way to access sensitive data on millions of individuals.

“It seems as though [Anthem] did not have sufficient granularity in terms of internal access,” he notes in an interview with Information Security Media Group. “You constantly have to think in terms that there is no way to absolutely prevent a breach in any sort of operational business because you have to be sharing data – and people have to be working with that data and filling the functions of the business. But what many organizations – not just those in healthcare, but in other industries – lack is very, very granular access control.”

That includes controlling what users, such as doctors or billing clerks, can view, based on their roles, as well as how long they have permission to access that data and what they are permitted to do with it, he says.
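The three controls described above (what a role can view, how long the permission lasts, and what it may do with the data) can be sketched as a deny-by-default check. This is an added example, not code from the article or from any vendor it mentions; the roles, field names, grant lifetimes and patient record are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Grant:
    role: str
    fields: frozenset    # what the role may see
    actions: frozenset   # what the role may do with it
    expires: datetime    # how long the permission lasts

# Constructed sample data (hypothetical roles, fields and values).
ISSUED = datetime(2017, 9, 7, 8, 0, tzinfo=timezone.utc)
GRANTS = [
    Grant("doctor", frozenset({"name", "diagnosis", "medications"}),
          frozenset({"view", "update"}), ISSUED + timedelta(hours=12)),
    Grant("billing_clerk", frozenset({"name", "insurance_id", "invoice_total"}),
          frozenset({"view"}), ISSUED + timedelta(hours=8)),
]
RECORD = {"name": "Pat Example", "ssn": "000-00-0000", "diagnosis": "J45.909",
          "medications": "albuterol", "insurance_id": "INS-TEST-1",
          "invoice_total": "120.00"}

def permitted_fields(role, action, now, grants=GRANTS):
    """Deny by default: a field is allowed only via a live, matching grant."""
    allowed = set()
    for g in grants:
        if g.role == role and action in g.actions and now < g.expires:
            allowed |= g.fields
    return allowed

def access(role, action, now, record=RECORD):
    """Return only the fields this role may use for this action right now."""
    allowed = permitted_fields(role, action, now)
    return {k: v for k, v in record.items() if k in allowed}

if __name__ == "__main__":
    mid_shift = ISSUED + timedelta(hours=4)
    print(access("billing_clerk", "view", mid_shift))    # billing fields only
    print(access("billing_clerk", "export", mid_shift))  # action not granted
    print(access("doctor", "view", ISSUED + timedelta(hours=13)))  # grant expired
```

With grants shaped this way, a stolen billing-clerk credential yields only the billing fields, only for viewing, and only until the grant expires.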

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.
