Why Privileged Account Management Matters in Health Data Security

    Organizations should consider implementing privileged account management solutions to work toward more comprehensive health data security.

    As healthcare providers continue to work toward creating strong cybersecurity measures, it is important to remember that insider access could also lead to a potential data breach. Failing to secure privileged accounts could lead to unauthorized users gaining access to sensitive data.

    Minnesota-based Allina Health recently implemented Thycotic’s Secret Server for improved privileged account management (PAM).

    Healthcare organizations cannot afford to let privileged user accounts run dormant, said Mr. Thomas Peeples, CISSP.

    “The primary use case for purchasing a PAM tool of this nature was to meet a [Payment Card Industry] requirement of rotating local administrative accounts on workstations,” Peeples said, adding that he believed the requirement to be every 90 days.

    “We wanted a way to automate that process because prior to Secret Server, we just disabled the local administrative account,” he continued. “It was a task to get them turned back on if they were needed for any support work.”

    They found that Secret Server was able to reach out to workstations, remotely manage the local administrative account, and rotate it on a scheduled basis. They were also able to reduce the number of domain admin accounts in their environment.

    “When we implemented Secret Server and I was able to communicate its value to that team, they decided to remove individual privileged accounts from the domain administrators group. They instead created about four shared accounts that are now managed and stored in Secret Server.” Each time that account needs to be used it’s going to be checked out by the individual needing the account, Peeples explained. Upon checking the account back in, the account is automatically rotated and a new password is put in place.

    “If we ever were compromised or a breach was to take place, they’d say it’s about 260-something days before you would know about it,” Peeples noted. “Well, if somebody compromises one of our domain admin accounts today, the chances of them being able to use the account tomorrow or next week is eliminated due to Secret Server. Now those accounts are rotated almost every four hours, and mostly on a daily basis.”

    Other healthcare providers that are considering updating their own PAM solutions should start from the top down, Peeples advised. Essentially, entities should make sure their leadership team is aware of and understands PAM, and understands how different tools can help protect privileged accounts.

    “Once you have that leadership buy-in then the security team needs to go ahead and make sure your policies are updated to reflect how privileged accounts should be managed,” Peeples said. “Once the policies are in place then you are able to introduce the tool to the teams and show them how to use the tool. Teams can learn for example, ‘Secret Server is a tool that you can use to be compliant with the current policies that are in place.’”

    From a PCI perspective, rotating accounts and protecting those accounts is important, Peeples said. There is also then an audit trail for employees who are using those accounts and passwords.

    Security teams, server teams, and even desktop teams within a healthcare organization may require varied approaches with regard to implementing new tools and updating policies and procedures, he explained. Entities will need to adopt an approach that works for their daily operations and team members.

    “From a security perspective, starting from the leadership position and updating policies to reflect how privileged accounts should be managed is definitely the path that I would recommend to any other security team that wants to push to use [PAM solutions],” he said.

    ENSURING BASIC CYBER HYGIENE FOR IMPROVED DATA SECURITY

    Overall, PAM should be a priority for organizations, especially as nearly every major data breach that has happened has been due to some type of account compromise, Peeples stated.

    “We have to change our mindset from this idea of convenience to really paying attention to how the threat landscape is changing,” he stressed. “We need to know what the core reason is for a lot of these breaches.” 

    “Primarily it’s just been compromised administrative accounts that are never changed,” he continued. “Such as service accounts. Most hackers know that service accounts are never changed. Most hackers know that local administrative accounts on servers are never changed.”

    It’s a good practice currently to begin to rotate those accounts, Peeples maintained. Those accounts should be rotated in an effort to minimize the number of stale accounts in the environment.

    Organizations must also know where their privileged accounts are, he concluded. There needs to be a solid auditing and provisioning process in place as well.

    “When there’s a deviation of those normal behaviors, it should be looked into because that could be another sign that some malicious behavior is beginning to take place with privileged accounts,” Peeples added. “And update your policies and discuss PAM. Those are basic cybersecurity hygiene approaches that you need to do going forward.”
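    The three controls Peeples describes, an audit trail for privileged accounts, a maximum age before an account is rotated, and looking into deviations from normal behavior, can all be checked mechanically against the vault's audit log. The Python below is an added example written for this page, not code from the article or from Thycotic's Secret Server; the log format (`timestamp|event|account|user`), the event names, the 90-day policy taken from the PCI requirement quoted above, the business-hours window, and the sample audit lines are all constructed assumptions.

```python
"""Audit-trail checks for a privileged-account vault (added example, not vendor code).

Parses constructed audit lines in a hypothetical 'timestamp|event|account|user'
format and applies three controls from the article: a maximum rotation age,
rotation on every check-in, and a simple deviation check on checkouts.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail; the format and account names are made up.
SAMPLE_AUDIT = """\
2018-11-10T07:00:00|ROTATE|WS-localadmin-0042|system
2019-03-01T08:02:00|ROTATE|DA-shared-01|system
2019-03-01T09:15:00|CHECKOUT|DA-shared-01|jsmith
2019-03-01T11:40:00|CHECKIN|DA-shared-01|jsmith
2019-03-01T11:40:05|ROTATE|DA-shared-01|system
2019-03-01T14:00:00|CHECKOUT|DA-shared-03|bwong
2019-03-01T15:00:00|CHECKIN|DA-shared-03|bwong
2019-03-02T02:13:00|CHECKOUT|DA-shared-02|contractor9
2019-03-02T10:00:00|CHECKOUT|DA-shared-02|ajones
2019-03-02T10:45:00|CHECKIN|DA-shared-02|ajones
2019-03-02T10:45:03|ROTATE|DA-shared-02|system
"""

MAX_ROTATION_AGE = timedelta(days=90)   # rotation interval named in the article (PCI)
ROTATE_GRACE = timedelta(seconds=60)    # assumption: rotation must follow check-in within 60 s
BUSINESS_HOURS = range(7, 19)           # assumption: 07:00-18:59 is normal usage


def parse_audit(text):
    """Parse 'timestamp|event|account|user' lines into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, event, account, user = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "event": event,
                       "account": account, "user": user})
    return sorted(events, key=lambda e: e["ts"])


def stale_accounts(events, now, max_age=MAX_ROTATION_AGE):
    """Accounts whose latest ROTATE is older than max_age, or that were never rotated."""
    last_rotation = {}
    for e in events:
        if e["event"] == "ROTATE":
            last_rotation[e["account"]] = e["ts"]
        else:
            last_rotation.setdefault(e["account"], None)
    return sorted(acct for acct, ts in last_rotation.items()
                  if ts is None or now - ts > max_age)


def missing_rotations(events, grace=ROTATE_GRACE):
    """Accounts with a CHECKIN that was not followed by a ROTATE within the grace window."""
    by_account = defaultdict(list)
    for e in events:
        by_account[e["account"]].append(e)
    flagged = set()
    for account, evs in by_account.items():
        for i, e in enumerate(evs):
            if e["event"] != "CHECKIN":
                continue
            nxt = evs[i + 1] if i + 1 < len(evs) else None
            if nxt is None or nxt["event"] != "ROTATE" or nxt["ts"] - e["ts"] > grace:
                flagged.add(account)
    return sorted(flagged)


def deviations(events):
    """Checkouts outside business hours, and checkouts never checked back in."""
    findings = []
    open_checkouts = {}
    for e in events:
        key = (e["account"], e["user"])
        if e["event"] == "CHECKOUT":
            if e["ts"].hour not in BUSINESS_HOURS:
                findings.append((e["account"], e["user"], "checkout outside business hours"))
            open_checkouts[key] = e["ts"]
        elif e["event"] == "CHECKIN":
            open_checkouts.pop(key, None)
    for (account, user) in open_checkouts:
        findings.append((account, user, "checkout never checked in"))
    return findings


def run_checks(text, as_of_iso):
    """Run all three controls over an audit log as of the given ISO timestamp."""
    events = parse_audit(text)
    return {
        "stale": stale_accounts(events, datetime.fromisoformat(as_of_iso)),
        "unrotated_after_checkin": missing_rotations(events),
        "deviations": deviations(events),
    }


if __name__ == "__main__":
    for name, result in run_checks(SAMPLE_AUDIT, "2019-03-03T00:00:00").items():
        print(f"{name}: {result}")
```

    Against the constructed log the workstation account last rotated in November is past the 90-day limit, the shared account that was checked in without a rotation is caught by the second check, and the 02:13 checkout that was never returned shows up twice under deviations. Each finding is the kind of entry the article says should be "looked into"; none of them is conclusive on its own.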

    Source article by Elizabeth Snell: Why Privileged Account Management Matters in Health Data Security