Why Data Access Management Is Important for Healthcare
Data access management is a key component of the zero-trust data pillar. It encompasses robust authentication and role-based access control to verify users and conduct continuous monitoring of a connection for a takeover or threat, according to Greenberg.
“This could include monitoring for anomalous high-bandwidth transfers or attempts to exploit a database using an unusual query,” Greenberg says.
Sickles says health systems should consider deploying Trusted Platform Management, which is a crypto-processor on a chip that generates, stores and limits the use of cryptographic keys.
Using TPM on top of data protection strategies provides helpful physical protection for health data, he says.
Data analytics is not used enough in healthcare, and health systems should take steps to learn more about the evolution of data, including where data is processed and transmitted and how it’s accessible, says CDW Healthcare Strategist Mike Gregory.
DISCOVER: Zero-trust lessons health IT teams can learn from the federal government.
“All of these activities start by e-discovery or analytical tools just so they have an idea of the scope of the data,” Gregory says. “And then we need to make some very astute data classification analysis for both structured and unstructured data.”
Zero-trust data access management can improve onboarding and decommissioning of accounts on a network, according to Gregory. In addition, data access management strengthens operational efficiency, speed and accuracy as data moves from point A to point B, Gregory says.
By decommissioning accounts at the right time, health systems can prevent data loss due to malicious activity, he adds. Gregory notes that healthcare data is about 250 times more valuable on the black market compared with payment card data.
Implementing data access management based on zero trust can also improve compliance with regulatory requirements. It also helps health systems avoid penalties due to improper handling of data and can reduce cybersecurity insurance premiums, Gregory says.
A zero-trust strategy encompasses robust data authentication, network access control technologies and pervasive application access controls, according to Newton.
“When evaluating security products, the solution should be able to provide zero-trust capabilities for both cloud-based assets and on-premises assets, including providing the internal segmentation and zones of control,” Newton says.
LEARN MORE: Palo Alto Security Expert Paul Kaspian explains why healthcare needs zero trust.
Healthcare systems can use security solutions that support zero trust network access, which offers secure remote access to data and services according to specific access control policies. Some ZTNA solutions, such as Fortinet’s, differ from virtual private networks by granting access on a per-session basis.
“With ZTNA, users and devices can’t access an application unless they provide the appropriate authentication credentials,” Newton says. “ZTNA places applications behind an application gateway, creating a secure, encrypted tunnel for connectivity.” He adds that network administrators only grant access after both the device and user have been verified.
When thinking about data in healthcare, the biggest risk to patients lies in potential changing of data rather than the access, Sickles says.
“The data investigation or data access is not the true risk here,” he says. “What we’re fearful of is data modification and manipulation to change the outcome of a patient’s clinical experience.”