As many of our Healthcare customers start using cloud services like Office 365, protecting the user’s identity has become increasingly important. Identities have become the best way for an attacker to breach an organization. All an adversary needs to do is compromise one user’s identity and then they can move laterally inside the network or just use email to gather more information about the organization. In fact, according to the “Verizon Data Breach Investigations Report 2018” 81% of data breaches involved weak, default or stolen passwords.
The above infographic shows the scope of the problem. All the attacks above have something in common; a stolen identity. What is more concerning is that some of these identities are user accounts that have admin access to the cloud service. Healthcare organizations know that their data is valuable and bad actors are using stolen administrative identities to get health information. That can result in an incredible amount of damage because the attacker can cover their tracks a lot faster and exfiltrate with the health data.
So, how can you protect your organization from these attacks?
The plans I laid out above will give your organization a good start at reducing risk around compromised accounts. Health data is a prime target for hackers to sell and use to commit crimes that target insurance reimbursements. In the end all the tools in the world can’t stop the weakest link in any organization; human error. People will always make a mistake and click on a malicious link or open a malicious attachment in their personal email on their work computer. Educating your users is critical, but automated intelligence will enable your organization to respond quickly before a breach shuts down operations.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.