AUSTIN, Texas, October 22, 2021 (GLOBE NEWSWIRE) — SecureLink, a leader in critical access management, has released a new report titled “A Matter of Life And Death: The State of Critical Access Management in Healthcare,” revealing that third-party attacks in healthcare are on the rise and fundamentally threaten not just highly sensitive medical data, but patient care.
The report, which includes data from research conducted in partnership with Ponemon Institute, reveals that within the last year, 44% of healthcare and pharmaceutical organizations experienced a data breach caused by a third party – posing compliance, reputational, and financial risks. With vendors and third parties supplying most of the components that make up the healthcare provider ecosystem, the very structure of the healthcare industry creates a greater attack surface area for data breaches, ransomware, and remote takeover of medical devices. Despite this threat, just 41% of healthcare and pharmaceutical organizations have a comprehensive inventory of all third parties with access to their network.
“Attacks by third parties are on the rise across industries—and healthcare is no exception. It’s also clear there’s an alarming disconnect between how an organization perceives a third-party threat and the actual reality of dangerous third-party access threats, as evidenced in the scarce security measures organizations employ,” said Daniel Fabbri, SecureLink Chief Data Scientist. “Now is a pivotal moment for improving critical access management, which is a vital step in monitoring and securing third-party access. Healthcare providers need to be armed with the information and tools to navigate the state of critical access management, mitigate future cyber attacks, and eliminate vulnerabilities that can threaten HIPAA and HITECH compliance.”
SecureLink’s report aims to emphasize the urgent need for improving critical access management in healthcare, along with the necessary steps healthcare organizations should implement to strengthen security. To begin the process of securing critical access points— especially from third parties—healthcare organizations must limit network and user access across applications. This includes implementing zero trust network access (ZTNA), monitoring application access, and regularly reviewing access rights among users and vendors using the three pillars of critical access management: access governance, access controls, and access monitoring:
“Because many healthcare organizations—including ours—rely on third-party vendors to address changing healthcare needs, they must be fully aware of the risks associated with third parties,” states Jon Smith, Chief Information Officer at North Country HealthCare. “More than that, healthcare organizations need to be vigilant about securing their systems and sensitive patient data from potential bad actors, especially third parties. Since implementing SecureLink’s vendor access management solution, we’ve been able to conduct regular access reviews and fine tune permissions among our vendors to ensure they have access only to the information and applications they need. This level of control around access and credentials offers us an extra layer of security and allows us to focus on our core mission of providing quality care to our rapidly growing community.”
The data points included in this report were from a study conducted by Ponemon Institute on behalf of SecureLink and includes responses from 69 individuals across health and pharma industries who are involved in their organization’s approach to managing critical access data risks. Respondents are based in North America.
Click to view the complete findings and download the “A matter of life and death: The state of critical access management in healthcare” report. For more information on SecureLink.
SecureLink is the industry leader in critical access management, empowering organizations to secure access to their most valuable assets, including networks, systems, and data. By leveraging Zero Trust principles, machine learning, and artificial intelligence, SecureLink provides comprehensive security solutions to govern, control, monitor, and audit the most critical and highest risk access points. Organizations across multiple industries — including healthcare, manufacturing, government, legal, and gaming — trust SecureLink to secure all forms of critical access, from remote access for third parties to access to critical infrastructure, regulated information, IT, and OT.
For more information visit: www.securelink.com
Codeword for SecureLink