The healthcare industry is under a constant barrage of cyberattacks. It’s traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The US Government’s Civil Rights Office reports 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, in which more than 50 million records were stolen.
Health records often include name, date of birth, social security number, and address. This treasure trove of data is used in identity theft, tax fraud and other crimes. It’s the high value of data that makes healthcare applications such a promising target.
The healthcare industry is hesitant to adopt SaaS applications. However, SaaS applications lead to better collaboration among medical professionals, which leads to better patient outcomes. That, combined with SaaS’s ability to reduce costs and improve financial performance, has led the industry to fully embrace SaaS solutions.
Today, medical facilities store patient records, billing records, and other sensitive data containing PHI (protected health information) and PII (personally identifiable information) which are often stored in Salesforce, Google Workspace, and Microsoft 365.
Securing Access to Medical Data
In the United States, medical data is protected by HIPAA, the Health Insurance Portability and Accountability Act. The security breach impacting more than 500 people was widely reported in the media and was accompanied by significant fines.
SaaS applications such as Salesforce, if they contain a HIPAA compliance add-on, are sufficiently secure to prevent attackers from entering the application and accessing patient data. SaaS applications are always updated to the latest versions and don’t have the same kinds of vulnerabilities found in on-premises software.
SaaS developers invest heavily in providing secure software solutions. They maintain a team of security professionals who continuously monitor and update their software to deal with emerging threats. The application runs on state-of-the-art infrastructure with strong physical security measures, redundant systems and disaster recovery systems. They comply with stringent industry standards, ensuring the highest levels of security and compliance for healthcare data.
Layered Access Security
In a report issued in August 2022 by the Office of Information Security and the Health Sector Cybersecurity Coordination Center (HC3) on the impact of social engineering on healthcare, researchers found that 45% of all attacks against the healthcare industry started with phishing attacks. Employees are manipulated into giving up their login credentials, allowing threat actors to enter through the front door.
SaaS applications have many layers of defense against these types of breaches. For example, many SaaS applications require MFA at login. Without a one-time password, most threat actors will be thwarted when they try to access with just a username and password. Second, many organizations require SSO to access their applications. This additional layer of identity structure creates more complexity for threat actors as they try to penetrate SaaS applications. There are over 100 security checks within Salesforce and Microsoft 365 that combine to form a strong line of defense.
It wasn’t so long ago that anyone who managed to penetrate a SaaS application had full rights to do anything within the permissions they were assigned. Steal credentials from the admin, and the entire application can take control of the threat actor in minutes. That’s no longer the case.
Leading SaaS security tools have added an identity threat detection and response (ITDR) layer to the equation. This last line of defense ensures that if a threat actor is able to access the application, the security team will be notified when the threat actor enters the SaaS application, even if they are accessing the application with valid credentials.
ITDR recognizes behavioral anomalies in individual users. If a threat actor enters the SaaS stack and acts suspiciously, ITDR will flag the behavior and notify the security team, who can disable user accounts and conduct an investigation.
The healthcare industry is familiar with role-based access to medical records. Those who do not need access to patient records cannot review medical files. This approach is critical to SaaS security. Following the Principle of Least Privileges (POLP), each user can only access the material necessary for their role. If the credentials for those users are compromised, threat actors will be unable to access the PHI data they are looking for.
Automating Health Care Application Security
A SaaS Security Posture Management (SSPM), like Adaptive Shield, is the most important tool used to sustain healthcare applications. SSPM performs 24/7 automatic monitoring of security settings, staying abreast of settings and notifying security personnel when configurations are changed. If a user mistakenly reduces an application’s security state, SSPM helps ensure that misconfigurations are closed quickly.
SSPM also monitors third-party applications connected to the core SaaS applications. It keeps track of their permissions and triggers an alert when the permission granted exceeds company policy or HIPAA standards. It tracks inactive users, external users, and authorized users, ensuring that they, like doctors treating patients, don’t compromise the app.
By implementing SSPM, healthcare organizations can ensure that sensitive patient data stored in applications is secure.