With IT security trending in the news, two of the biggest industries that seem to be top of mind are finance and media. These sectors have big budgets and very public personalities, so they tend to hog the spotlight. However, one of the hardest hit industries has actually been health care. Identity governance and intelligence may be the solution for its ailing cybersecurity.

A New Kind of Health Care Crisis

Health care organizations have lots of personal patient data, including names, health information, payment information, Social Security numbers and more. Electronic medical record (EMR) systems such as EPIC or McKesson are popular targets since they have such valuable data. Because of this, health care security teams are looking for new methods to remain secure and compliant, all while protecting that patient data.

According to the Ponemon Institute, criminal attacks in health care have increased by 125 percent since 2010 and are now the leading cause of medical data breaches. These attacks can also include the work of malicious insiders.

The people within these organizations have been the main entry points into the systems, which could allow cybercriminals to collect valuable personal information. Doctors, nurses, patients and their identities need to be managed and governed.

Securing these entry points is not only a requirement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, but it’s also a business imperative. Fines for noncompliance can reach $1.5 million or more.

To combat these threats and remain compliant, health care organizations are looking to identity and access management (IAM) solutions. These tools can help:

  • Automate processes for managing user roles, access policies and risk.
  • Apply and enforce appropriate levels of access for a constantly changing user base.
  • Regularly recertify user access rights with a high level of accuracy.
  • Detect and act upon security policy violations quickly.

Identity Governance Saves the Day

IBM Identity Governance and Intelligence is an end-to-end solution that helps improve health care security measures at the critical identity gateway while also reducing overall complexity and total cost of ownership. Governance and intelligence assists organizations in mitigating access risks and access policy violations by using intelligence-driven, business-driven identity governance integrated with user life cycle management.

Interactive white paper: Safeguard Health Care Identities and Data Against the Latest Threats

For even more information, watch the on-demand health care identity governance webinar. There, IBM experts discuss a real customer use case where IBM was able to integrate its identity solutions with a hospital’s EPIC system, and give a demonstration of the solution.

More from Healthcare

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Cybersecurity risks in healthcare are an ongoing crisis

4 min read - While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care. In fact, 88 million individuals were affected by large breaches, compromising vast amounts of electronic protected health information (ePHI) last year according to the U.S. Department of Health & Human Services. This year,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today