Search

Language

Healthcare Identity Threats: Why Almost 20% of Breaches Lead to Injury

January 10th, 2024

Home » Blog » Healthcare Identity Threats: Why Almost 20% of Breaches Lead to Injury

The healthcare industry faces significant threats from data breaches and compromised medical devices, resulting not only in high financial losses but also endangering patients’ health. In a survey of US healthcare experts conducted in 2022, 53% reported an increase in mortality rates due to ransomware attacks. In 2021, 30% of cyberattacks targeting healthcare organizations caused disruptions to emergency services. Another 17% led to severe harm to patients.

A recent victim of such a breach was Ardent Health Services. On Thanksgiving Day 2023, a major ransomware attack affected its 30 hospitals and over 200 other healthcare facilities across six US states. In several cases, ambulances transporting emergency room patients were diverted to other hospitals.

Table Of Contents

  • MFA Does not Cover Medical Devices
  • Service Accounts are Rarely Listed and Documented
  • Silverfort’s Unified Identity Protection for Healthcare

    • MFA Does not Cover Medical Devices

    Even though medical devices have a lifetime of up to 30 years, their software and security practices might never be updated. The FBI has identified a growing number of security flaws in such medical devices (referred to as legacy devices), including insulin pumps, defibrillators, and pacemakers. As legacy devices do not support multi-factor authentication (MFA), malicious actors may use compromised credentials to manipulate device readings, administer drug overdoses, or commit other crimes.

    Service Accounts are Rarely Listed and Documented

    Only 10% of healthcare organizations have complete visibility into their service accounts. It is already difficult to manage service accounts, but healthcare organizations face an even greater challenge as they use a wide range of different devices and systems. Often, there may be hundreds of unknown service accounts associated with medical devices or health systems, including the Master Patient Index (MPI), Electronic Health/Medical Records (EHR/EMR), billing, and electronic prescriptions.

    Silverfort’s Unified Identity Protection for Healthcare

    Silverfort’s unified identity protection platform automatically detects service accounts and creates access policies based on their behavior. In the event that an access attempt differs from the policy, it will be blocked.

    Silverfort can also enforce MFA on legacy systems without interfering with their day-to-day operations, preventing malicious authentications for all users, admins, and service accounts across any system, resource, and protocol.

    For more information, request a demo.

    Ready for a Demo?
    Sign up today.

    Recent posts

    April 24th, 2024

    5 Ways to Step Up Your AD Hygiene with Silverfort  

    March 26th, 2024

    The Identity Underground Report: Deep insight into the most critical identity security gaps  

    March 2nd, 2024

    MFA Protection for Air-Gapped Networks

    February 21st, 2024

    Mitigating the Identity Risks of Ex-Employees’ Accounts
    See more

    Follow Us

    Stop Identity Threats Now