Healthcare organizations care deeply about the protection and privacy of their patients. And they invest heavily in both because they know that the cost of a healthcare data breach can have profound human and monetary costs. Because of this effect, the industry is highly regulated and focuses heavily on cyber security practices, especially when compared to other sectors.
To comply with many of the standards impacting the industry, experts working in the healthcare sector must make sure their machine identities are secured. IT systems administrators use Secure Shell (SSH) keys to authenticate machine identities and to gain the highest levels of administrative access in healthcare organizations. This makes SSH keys very valuable assets to administrators, and unfortunately, to cyber criminals as well.
However, despite the inherent risk of SSH key abuse, these powerful assets are routinely untracked, unmanaged and poorly secured. Unfortunately, this can leave the key in the door for cyber criminals.
“It’s absolutely imperative that healthcare organizations secure their machine identities,” said Nick Hunter, senior digital trust researcher for Venafi. “The healthcare industry faces intense threats from cybercriminals and must comply with rigorous regulatory standards. However, some of the most valuable assets in the industry are often left unprotected.”
Venafi recently conducted a study that evaluated how healthcare organizations manage and implement SSH in their environments. With participation from 102 IT security professionals from the healthcare sector, the study reveals a widespread lack of SSH security controls.
For example, only 8% of respondents admit they have a complete and accurate inventory of all their SSH keys. If healthcare organizations do not know where their SSH assets are or how they are managed, they cannot determine if keys have been stolen, misused or should even be trusted.
Additional highlights from the study:
“Unfortunately, this survey indicates that healthcare organizations are not securing all of the systems and applications that protect patient data. SSH keys provide elevated privileged access that must be protected with the same governance controls that are applied to administrator accounts and passwords,” concluded Hunter.
How healthy are the SSH assets at your healthcare organization?