Healthcare Identity Threats: Why Almost 20% of Breaches Lead to Injury
The healthcare industry faces significant threats from data breaches and compromised medical devices, resulting not only in high financial losses but also endangering patients’ health. In a survey of US healthcare experts conducted in 2022, 53% reported an increase in mortality rates due to ransomware attacks. In 2021, 30% of cyberattacks targeting healthcare organizations caused disruptions to emergency services. Another 17% led to severe harm to patients.
A recent victim of such a breach was Ardent Health Services. On Thanksgiving Day 2023, a major ransomware attack affected its 30 hospitals and over 200 other healthcare facilities across six US states. In several cases, ambulances transporting emergency room patients were diverted to other hospitals.
MFA Does Not Cover Medical Devices
Even though medical devices have a lifetime of up to 30 years, their software and security practices might never be updated. The FBI has identified a growing number of security flaws in such medical devices (referred to as legacy devices), including insulin pumps, defibrillators, and pacemakers. As legacy devices do not support multi-factor authentication (MFA), malicious actors may use compromised credentials to manipulate device readings, administer drug overdoses, or commit other crimes.
Service Accounts Are Rarely Listed and Documented
Only 10% of healthcare organizations have complete visibility into their service accounts. It is already difficult to manage service accounts, but healthcare organizations face an even greater challenge as they use a wide range of different devices and systems. Often, there may be hundreds of unknown service accounts associated with medical devices or health systems, including the Master Patient Index (MPI), Electronic Health/Medical Records (EHR/EMR), billing, and electronic prescriptions.
Silverfort’s Unified Identity Protection for Healthcare
Silverfort’s unified identity protection platform automatically detects service accounts and creates access policies based on their behavior. If an access attempt deviates from the policy, it is blocked.
Silverfort can also enforce MFA on legacy systems without interfering with their day-to-day operations, preventing malicious authentications for all users, admins, and service accounts across any system, resource, and protocol.
For more information, download our full eBook or request a demo.