Why it Pays to Govern Identities in Healthcare


By Jackie Brinkerhoff

A healthcare data breach comes with a lofty price tag. The average cost of a breach of a healthcare organization now totals over $6 million, or $355 per record to be precise. When you compare this to the average cost for non-healthcare organizations, which comes in at $158 per record, one has to wonder why. Well, to start, typical records like credit card numbers, including Personally Identifiable Information (PII), have a finite lifespan.

Once you notice a fraudulent charge on your card, you call your credit card company, your card gets deactivated, and (hopefully) your credit card company’s fraud department takes over. When you look at the lifespan of a health record, which contains Protected Health Information (PHI), then, my friends, you’re looking at the “cybercriminal gift that keeps on giving.” The lifespan is longer because this is the type of information that can’t be changed like a credit card number.

Regulations such as HIPAA have been put in place to help make healthcare organizations accountable and ensure they are doing everything they can to protect sensitive PHI. This impacts not only an organization’s security efforts but also its compliance efforts. On top of all that, and perhaps worst of all, healthcare organizations also have to contend with the potential loss of customer trust if a breach were to happen. That one is hard to earn back – especially when such sensitive information is lost.

So, how do the bad guys even get in? They target us. People like you and me who work for organizations and have access to various parts of the network. They employ tactics that make use of malware and phishing – and it only takes one person to fall for it and, boom, they gain entry. Whatever their target user can access, they can access. How can providers safeguard access to this ‘sensitive digital gold’? It starts with addressing the lowest common denominator – controlling access for everyone and everything throughout the IT environment. This is accomplished with identity governance.

Identity governance enables you to control access for all users, all apps, and all files. It enables healthcare provider organizations to determine and control who has access to what IT resources, who should have access, and how access is used. As part of the process, access rights are appropriately reviewed and scrubbed, thus creating the foundation for other identity-centric functions such as single sign-on, multi-factor authentication, and privileged account management. 

Identity governance not only helps prevent costly healthcare data breaches; healthcare providers have also experienced significant returns for their business. Applying an automated identity solution can improve operational efficiency, accelerate user productivity, and reduce expensive IT helpdesk costs. If it sounds like a good deal, it’s because it is one. By automating critical processes related to user access rights, identity governance can drive quantifiable value in various ways.

Here’s how. 

  • Timely User Access
    • The time required for access requests to be granted per user plummets 80% from an average of 60 minutes to 12
  • Lighter Workload
    • Password resets account for up to 50% of helpdesk service calls. Identity reduces the IT burden by cutting the number of such calls by 60%
  • Reduced Risk of Breach
    • By reducing the threat surface, the risk of a data breach drops from 30% to only 5%
  • Quicker Compliance
    • Perform access entitlement reviews in only ½ the time compared to the industry average
  • Cost Savings
    • Save up to 83% on highly effective security and spend up to 82% less for attestation and compliance 

How Would You Spend Six Million Dollars? 

The savings from being proactive mean that organizations can use that cost (and time) savings to do more things, like efficiently onboard new applications (your users will thank you); upgrade from existing legacy identity solutions (your IT and identity teams will thank you); and extend identity programs to include proper governance of access to data files (your customers’ data will be far safer and yes, they too will thank you). It’s a no-brainer for budget- and time-conscious decision-makers.

The bottom line is that it pays to properly govern your users’ access to the systems and data that make your healthcare organization run smoothly. Our identity platform is predictive, flexible, and automated, and it is tailored to make identity work for you in the healthcare industry.


Jackie Brinkerhoff is Director of Product and Solution Marketing of SailPoint.