Ransomware isn’t going away
The healthcare industry is facing an increasing number of cybersecurity threats, as well as growing regulatory scrutiny and compliance requirements. According to the 2022 FBI Internet Crime Report, the healthcare sector accounted for almost a quarter (24%) of the 870 reported ransomware incidents.
Source: FBI Internet Crime Report, 2022
The cost of ransomware attacks is high. In a Ponemon Institute survey published in January 2023, 67% of the respondents indicated that their organizations are paying ransom in the hundreds of thousands of dollars. The average interruption lasted 35 days, not to mention the potential of regulatory fines and penalties, heightened risk to patient care, and the reputational damage, downtime, and lost revenue organizations are facing.
Perimeter security doesn’t work anymore
Legacy network and firewall-based architectures no longer provide sufficient protection against these attacks. As long as bad actors can discover IP addresses (which they can do with IP-based firewalls and VPNs), they can find you and compromise you by getting access to as little as a single workstation. Given that hospitals and other healthcare organizations have large numbers of shared workstations in their environments, it’s important to ensure the right identity and have the right security safeguards in place. But, it’s even more challenging when you’re bound by regulatory requirements like HIPAA and HITECH.
For this reason, security policies should follow the user and user activity should be tracked to distinguish actions between users, even if they work on the same workstation or different workstations at different times. It’s important that not only is the user’s identity secured, but also that the user-to-application access control and context be understood to ensure protection.
A new approach is needed
A new security approach based on a zero trust architecture is required to provide protection and ensure compliance. Zero trust starts with identity. Imprivata has been a leader in identity for healthcare organizations for over two decades, providing capabilities that enable, control, and monitor digital identities to deliver fast user access, improve security, and ensure compliance across all systems.
The healthcare space has unique requirements. Medical professionals can’t afford delays when trying to securely access the applications they need to provide patient care, yet healthcare organizations must ensure they protect PHI from internal, external, and third-party threats. Therefore, managing and controlling the digital identity and ensuring that security follows the user instead of the device is the only way to keep data and applications secure while ensuring quick and proper clinician access.
Zscaler has been a pioneer in zero trust for over a decade with the cloud-native Zero Trust Exchange platform that helps stop cyber attacks using its proxy architecture, prevent lateral movement by connecting users directly to their apps (not networks), and minimizing the attack surface by making apps invisible to hackers (you can’t attack what you can’t see).
Best-of-breed zero trust
The Zscaler Zero Trust Exchange platform and the Imprivata Digital Identity platform make it easier for healthcare organizations to adopt a zero trust architecture. This includes support for multi-user workstation environments, enabling clinicians to conveniently and securely authenticate in and out of shared devices with the Imprivata Digital Identity, while ensuring they can only access applications for which they’ve been authorized. The solution also allows organizations to track all user activity via logs for traceability and compliance requirements.
Additionally, Zscaler integrates with CrowdStrike, the leader in endpoint security, to secure the workstation. This integration examines the device posture of the workstation to ensure the machine itself is not compromised. Clinicians simply authenticate withImprivata as they’ve always done while Zscaler Client Connector and CrowdStrike Falcon work silently in the background to ensure protection. This allows your security team to rest easy at night.
Zscaler’s partnerships with Imprivata and CrowdStrike address three foundational elements of a zero trust solution: users, devices, and applications.
Together, Zscaler, Imprivata, and CrowdStrike provide the industry’s first end-to-end, best-of-breed zero trust security solution that helps healthcare organizations enhance the user experience, stay compliant, reduce the attack surface, and achieve zero trust.
To learn more about the Zscaler and Imprivata solution and how it can benefit your organization, please visit our website at www.zscaler.com/industries/healthcare or contact us directly.
