Clearwater has identified the most frequent security weaknesses in the healthcare sector by analysing data from IRM analyses conducted over the past six years. The analysis assessed millions of risk records from hospitals, Integrated Delivery Networks, and business associates of such entities to identify the most frequent security vulnerabilities in healthcare.
The analysis showed almost 37% of high and critical risks fell into three areas:
- User authentication
- Excessive user permissions
- Endpoint leakage
User authentication was the most common security weakness in healthcare. This is a failure to correctly authenticate users and verify the level of access that users should have to view and use an organization’s resources. Possible deficiencies behind this weakness include the use of default passwords and generic user IDs, the transmission of user credentials via email in plain text, and writing down passwords and posting them on computer monitors or hiding them under keyboards.
User authentication deficiencies were most commonly seen with servers and SaaS solutions. More than 90% of healthcare organizations said they had password/token management policies and procedures, according to Clearwater. However, in many cases, the technical implementation of procedures was found to be below par.
Enforcing the use of strong passwords, enabling single sign-on, and implementing rate limiting to lock accounts after a set number of failed login attempts are some recommendations made by Clearwater to solve such deficiencies. Out of all the organizations that had user authentication deficiencies, 84.4% had deficiencies in password requirements, 52.2% failed to implement single sign-on, and 40.4% had not implemented rate limiting.
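The account lockout control recommended above can be sketched as follows. This is an added example, not code from Clearwater or from this article; the threshold of 5 failures, the 300-second window, the 900-second lock, and the account names and events are assumed or constructed for illustration.

```python
from collections import defaultdict, deque

class LockoutPolicy:
    """Lock an account after max_failures failed logins inside a sliding window."""

    def __init__(self, max_failures=5, window=300, lock=900):  # assumed values
        self.max_failures, self.window, self.lock = max_failures, window, lock
        self._failures = defaultdict(deque)  # account -> times of recent failures
        self._locked_until = {}              # account -> time the lock expires

    @staticmethod
    def _key(account):
        return account.strip().lower()       # "Admin" and "admin" share a counter

    def is_locked(self, account, now):
        return self._locked_until.get(self._key(account), 0) > now

    def record(self, account, success, now):
        """Process one attempt at time `now` (seconds); return its outcome."""
        key = self._key(account)
        if self.is_locked(key, now):
            return "locked"                  # refused even with the right password
        if success:
            self._failures.pop(key, None)    # a good login resets the counter
            return "ok"
        recent = self._failures[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lock
            recent.clear()
            return "locked"
        return "failed"

# Constructed sample events: (time in seconds, account, login succeeded?)
EVENTS = [(0, "admin", False), (10, "admin", False), (20, "admin", False),
          (30, "admin", False), (40, "admin", False), (50, "Admin", True),
          (60, "nurse1", False), (400, "nurse1", False), (1000, "admin", True)]

def replay(events):
    policy = LockoutPolicy()
    return [policy.record(account, ok, t) for t, account, ok in events]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS)):
        print(event, "->", outcome)
```

In the sample, the fifth rapid failure locks the generic "admin" account and the correct password at 50 seconds is still refused, while the two "nurse1" failures more than five minutes apart never accumulate.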
The best cybersecurity practices for healthcare organizations are to limit the use of admin accounts and to restrict the systems and data that end users can access. However, these practices were often not adopted by healthcare organizations.
Organizations that failed to restrict access to drives and networks not required by users to perform their work duties saw an increase in risk. When user permissions are restricted, the damage that can be caused if credentials are compromised is also restricted. Therefore, to solve such issues, healthcare organizations should adopt a policy of only giving users access to the data and networks that they require to perform their work duties.