Why Identity and Access Management Is Weak in Healthcare
Cybersecurity and Privacy Expert Lee Kim of HIMSS Discusses Sector's Top Challenges
Despite the drumbeat that began about a decade ago for healthcare entities to bolster their identity and access management, it is still an "incredibly weak" area for far too many, says Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.
"It behooves all healthcare organizations of all sizes and types to have really strong identity and access management," she says in a video interview with Information Security Media Group ahead of the HIMSS 2022 conference taking place in Orlando, Florida, on March 14-18.
"If there's anything that needs to be assessed and addressed more, it is a heightened assurance that the individual or entity that is accessing systems or networks is really who they claim to be," she says.
For instance, "tight provisioning of accounts might seem trivial, but many healthcare entities have contractors, employees and others that are constantly flowing in and out of the organization because they may be visiting and/or their roles may change," she says.
HIMSS' recent 2021 annual cybersecurity survey found that many healthcare organizations are not implementing strong identity and access management across their enterprises, which Kim says is "troubling."
In the video interview, Kim also discusses:
- Other security weaknesses common among healthcare organizations that need more attention;
- Cyberattack trends affecting healthcare sector organizations;
- Why many healthcare organizations have been "on edge" during the Ukraine-Russia war.
Kim, an attorney, is the senior principal of cybersecurity and privacy at HIMSS. She also has served as a team leader of the U.S. Department of Homeland Security's analytic exchange program and as a member of the National Cybersecurity Training and Education Center National Visiting Committee. Before joining HIMSS, Kim practiced law in the areas of IT, healthcare technology, intellectual property and privacy and security. She also previously worked in the healthcare technology field.