3rd Party Risk Management , Business Continuity Management / Disaster Recovery , Critical Infrastructure Security

Why Identity and Access Management Is Weak in Healthcare

Cybersecurity and Privacy Expert Lee Kim of HIMSS Discusses Sector's Top Challenges
Lee Kim, senior principal of cybersecurity and privacy, HIMSS

Despite the drum beat that began about a decade ago for healthcare entities to bolster their identity and access management, it is still an "incredibly weak" area for far too many, says Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.

See Also: Take Inventory of Your Medical Device Security Risks

"It behooves all healthcare organizations of all sizes and types to have really strong identity and access management," she says in a video interview with Information Security Media Group ahead of the HIMSS 2022 conference taking place in Orlando, Florida on March 14-18.

"If there's anything that needs to be assessed and addressed more, it is a heightened assurance that the individual or entity that is accessing systems or networks is really who they claim to be," she says.

For instance, "tight provisioning of accounts might seem trivial, but many healthcare entities have contractors, employees and others that are constantly flowing in and out of the organization because they may be visiting and/or their roles may change," she says.

HIMSS' recent 2021 annual cybersecurity survey found that many healthcare organizations across its enterprises are not implementing strong identity and access management, which Kim says is "troubling."

In the video interview, Kim also discusses:

  • Other security weaknesses common among healthcare organizations that need more attention;
  • Cyberattack trends affecting healthcare sector organizations;
  • Why many healthcare organizations have been "on edge" during the Ukraine-Russia war.

Kim, an attorney, is the senior principal of cybersecurity and privacy at HIMSS. She also has served as a team leader of the U.S. Department of Homeland Security's analytic exchange program and as a member of the National Cybersecurity Training and Education Center National Visiting Committee. Before joining HIMSS, Kim practiced law in the areas of IT, healthcare technology, intellectual property and privacy and security. She also previously worked in the healthcare technology field.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.