5 Best Practices Healthcare Organizations can do to Help Mitigate Risks

We’ve all heard it in the news recently… Premera, Anthem, Community Health and others – healthcare organizations under attack by hackers for patients’ healthcare information. Healthcare data breaches are becoming far too common and the data extracted is more harmful to the public than credit card data breaches. Think of healthcare as the Holy Grail for hackers: Healthcare providers and insurance payers have social security numbers, names and addresses, medical histories, payment histories and more – combination of both financial and PII. As a healthcare organization, reducing security breaches should be a top agenda item. Fortunately, there are several things you can do to help mitigate those risks, and reduce the threat of external and internal threats. Here are just a few of them: 1. Prioritize and apply patches that pose a real risk to more effectively reduce the internal attack surface. As Gartner and other third parties indicate, many times these hackers leverage known vulnerabilities with readily available patches. 2. Ensure all desktop users are logged in as a standard user with standard permission. As an example, many malware exploits need administrator permissions to deploy, meaning non-administrators have administrator rights – that can and will be abused. After installation of these types of software such solutions, limit standard users versus administrative accounts. This is key to mitigating risk. 3. Use privileged password management for all sensitive accounts. Privileged password management should not just include sensitive servers or compliance mandated devices. Password management also includes locking down Windows administrators and help desk staff that may need to perform tasks on local or remote Windows machines. Once a desktop is compromised, these accounts become the targets for hacker activity. 4. Implement least privilege delegation with extensive auditing of tier 1 systems on enterprise platforms such as UNIX or Linux to reduce the impact of breaches and improve response times. 5. Use advanced analytics to isolate suspicious behaviors of administrators and more rapidly detect and respond to breaches. BeyondTrust offers industry leading Vulnerability Management and Privileged Account Management solutions that are trusted by over 4,000 customers worldwide, including over half of the Fortune 100.