Clearwater identified the most common security flaws in the healthcare industry using IRM data analyses performed over the last 6 years. Millions of risk reports from hospitals, Integrated Delivery Networks, and entities' business associates were examined to pinpoint the most prevalent security weaknesses in the healthcare industry.
According to the data, 37% of high and critical risks were found in 3 network areas: user authentication, endpoint leakage, and excessive user permissions.
The most prevalent security flaws in medical care were deficiencies in user authentication. These arise when an entity fails to properly authenticate users and to validate the level of access granted to users of its information. They include using default passwords and common user IDs, writing passwords down and sticking them on PC monitors or keeping them under keyboards, and transmitting user details in plain text email messages.
User authentication deficiencies were most often linked to servers and SaaS solutions. Clearwater also notes that around 90% of healthcare institutions said they have password/token control policies and procedures, yet the procedures are often not carried out in practice.
Clearwater advises using strong passwords, enabling single sign-on, and using rate limiting to lock out accounts after a specific number of unsuccessful sign-in attempts. Of the companies that had user authentication problems, 84.4% had deficiencies in password requirements, 52.2% didn't use single sign-on, and 40.4% didn't employ rate limiting.
The cybersecurity guidelines of reducing the use of admin accounts and minimizing the systems and information accessible to end users were typically not implemented by healthcare institutions.
Failing to restrict access to drives and systems that users do not need for their work responsibilities increases risk. When user permissions are reduced, the damage that can be caused if credentials are compromised is kept to a minimum. Healthcare institutions should follow the principle of least privilege and grant users access only to the information and systems they need to do their work tasks.