Thycotic helps you prevent healthcare cyber security breaches and protect patient data
WHAT’s the challenge
Hospitals and healthcare institutions are prime targets for ransomware attacks, cyber security breaches and malware exploits that seek to capture or compromise patient data.
WHY it’s important
Recent ransomware payouts by hospitals total hundreds of thousands of dollars, not to mention the substantial fines under HIPAA regulations should patient data be compromised.
HOW we solve it
By delivering comprehensive Privileged Account Management and Security solutions that secure privileged account passwords and lock down applications, endpoints, and OS configurations.
Ransomware and other cyber exploits target healthcare institutions
All it takes is one employee to unknowingly or carelessly click on a malicious link and your entire healthcare organization can be the victim of a ransomware attack. By locking up hospital computers, this type of insidious malware prevents you from accessing data until you pay a ransom, usually demanded in Bitcoin. Hospitals are the ideal target for this kind of extortion because they have to rely on up-to-date patient records to deliver critical care. Without quick access to key patient information, care might be compromised, and thus many hospitals have no choice but to pay a ransom rather than risk delaying care and potential lawsuits. But how do you effectively protect your organization against ransomware?
In February 2016, attackers took computers belonging to the Hollywood Presbyterian Medical Center in Los Angeles hostage using a piece of ransomware called Locky. Computers were offline for more than a week until officials caved to the extortionists and paid the equivalent of $17,000 in Bitcoin.
Thycotic software helps you lock down Windows applications, endpoints and OS configurations
Healthcare organizations today need to lock down desktops to help stop malware and ransomware attacks, which can have devastating and costly consequences. That means removing IT admin privileges from most users to lower risk, and limiting privileges for IT admins to improve security. The powerful combination of three solutions within Thycotic’s endpoint security solutions adds multiple layers of ransomware protection. This helps ensure that you can stop malware attacks at the endpoint to limit an attacker’s ability to move beyond their initial point of entry.
Stop exploits such as malware and ransomware at the endpoint
Thycotic provides comprehensive endpoint privilege management and security solutions that:
- Assure least privilege application control.
- Enable administrative user group management.
- Deliver security compliance and automated remediation.
VIDEO: Healthcare Penetration Test, Dave Shackleford | Thycotic Expert Series
PRIVILEGED PASSWORD SECURITY
Personally Identifiable Information (PII): The crown jewel for healthcare attackers
Healthcare organizations face constant cyber threats from both cybercriminals and trusted insiders because of the monetary value patient medical records hold. The increasing demand to access personally identifiable information (PII) held by hospitals and healthcare institutions makes the industry a prime target for cyber-attacks. Patients trust the medical sector to secure their sensitive information: names, dates of birth, social security information, financial information, and medical history. This information is easily sold on the underground market and can be used to commit identity fraud, obtain prescriptions, and carry out other fraudulent activities.
The latest trend we are seeing is the uptick in criminal attacks on hospitals, which have increased a staggering 100 percent since the first study four years ago.
– Dr. Larry Ponemon, Chairman and founder, Ponemon Institute
Protect PII at its core: Privileged Account Management for healthcare IT admins
As healthcare ransomware attacks and other data security breaches become more prevalent, healthcare IT must place immediate controls around the attacker’s prime target: databases containing PII. To do this, IT’s main line of defense is protecting privileged accounts and their passwords. By gaining unauthorized access to just one privileged account (such as a domain administrator account), attackers can quickly assume the identity of a “trusted insider,” scale the hospital network, and exfiltrate data. Privileged accounts are difficult to manage manually because they are “nonhuman” accounts and are often shared among many on an IT team.
Make securing your patient data a top priority
An effective privileged account management strategy is necessary to protect patient data stored in electronic records. Managing access to thousands of devices, servers, and applications housing PII on your network can be time consuming and often labor intensive. Privileged users on your IT team must be actively managed and have strong, granular access controls to shared accounts based on their role within your organization. With these added protections, you will know who is accessing each account, can automatically change network passwords, and will have full audit logs to document password compliance.
Password management goes beyond the end-user
As with end-user passwords, strict policies must be enforced on privileged credentials. All passwords must be complex and rotated regularly. When a healthcare IT administrator leaves, all of their privileged account access should be revoked and passwords on those accounts changed before they leave the building. Automating this process using robust cyber security software prevents policy violations. Auditing the history of privileged account usage helps to meet HIPAA and HITECH compliance. Frequent password rotation, together with two-factor authentication, workflow approval, and real-time monitoring of privileged account credentials, prevents privilege escalation during an attack.
Avoid a lawsuit – meet the HIPAA Security Rules for IT
For healthcare IT teams managing sensitive patient data, protecting against both external and internal threats is critical. A healthcare data breach not only damages the reputation of your organization, but also brings substantial financial implications from monetary HIPAA fines and potential lawsuits. Thycotic Secret Server helps IT teams within healthcare ensure compliance by providing full auditing on privileged users, detailed reporting, lifecycle management of privileged credentials, and strict access controls to protect patient data.