The healthcare industry is vulnerable to a cyber attack

SailPoint​ unveils the findings of a new research report titled, ‘The State of Identity Security 2023: A Spotlight on Healthcare’. The report analysed data from 150 IT and IT security decision makers from healthcare organisations from a number of countries across the globe and identified the most prevalent risks and roadblocks in the industry’s identity security measures.   

Why businesses are falling at the first hurdle  

Most cyber attacks can be attributed to compromised identity, making AI-enabled identity security more vital than ever in protecting sensitive data – for patients, clinicians, and medical infrastructure alike. However, the research revealed that putting this technology into practice is proving more difficult than expected, with almost all organisations (97%) indicating that they have experienced implementation challenges.

This included: 

• Nearly half citing flexibility in integration (43%) and lack of the right skills to change or implement a solution (42%); 
• Nearly two-fifths (39%) referencing regulatory and compliance challenges; 
• And nearly one third (30%) suggesting that a lack of senior buy-in and high initial investment (34%) is their biggest challenge.  

The research also discovered that the failure to implement this technology has cost the industry greatly, with breaches resulting in the following: 

• Operational downtime (43% of organisations who experienced a breach); 
• Compromised accounts and/or credentials (41% of breaches); 
• Revenue loss (36% of breaches); 
• Stolen company data (31% of breaches); 
• Reputational damage (26% of breaches). 

Steve Bradford, Senior Vice President EMEA at SailPoint, said: “Any and all of these consequences represent a serious problem for healthcare organisations, with downtime and revenue losses not only impacting the organisation’s bottom line but affecting the ability to deliver high-quality patient care.”  

The benefits of an efficient identity security programme 

The need for identity security within the industry is being acted upon, with almost all respondents (93%) indicating that their organisation has either fully or partially implemented an identity and access management programme. That said, less than a third of organisations (29%) said that their programme has been in place for more than two years, underscoring that most organisations are still in the early stages of identity maturity.  

The survey also found that implementing identity security results in the following benefits, among others: 

• The ability to connect their identity program to horizontal applications (44%) and vertical applications (42% of organisations); 
• A positive impact on brand reputation (44% of organisations); 
• Having more control and visibility into users (44% of organisations). 

Still, there are opportunities to improve, with 96% of respondents agreeing that their organisation’s ability to detect and prevent an identity-related security breach needs improvement. 

Steve Bradford added: “Nearly every healthcare organisation recognises the importance of strong identity security, and a majority have taken steps to implement full identity and access management solutions—but many of those implementations are still ongoing, leaving organisations vulnerable to attack. And while many are enjoying the benefits that identity securing brings to the table, other organisations are being held back from being truly successful with their identity security programs for a range of reasons, such as lack of senior buy-in and lack of skills.

The industry’s understanding of and relationship with identity security is still maturing, and healthcare organisations can benefit from support and guidance in the unique challenges they face.”  

Methodology 

SailPoint commissioned Vanson Bourne to conduct the research survey. 150 IT and IT security decision makers, from healthcare organisations across the US, UK, Canada, Australia, Brazil, France, Germany and Japan were interviewed in August and September 2022. Respondents were from organisations with 3,000 or more employees.