Framework for Managing Identity in Healthcare Introduced
In response to the growing threat of identity-centric cyberattacks in healthcare, the Health Information Sharing and Analysis Center has published a framework for managing identity for the full work lifecycle of employees, practitioners, patients and business partners.
The white paper, H-ISAC Framework for CISOs to Manage Identity, lays out the groundwork for how to guard against common attacks on identity, lower risk and increase operational efficiencies.
Key steps, H-ISAC says, include creating identity directories and figuring out proper levels of authorization, authentication and access.
"The framework we've outlined is not a one-size fits-all approach, however," H-ISAC notes. "Depending on your organization's particular environment or uses cases, the framework components may be applied differently."
Keith Fricke, principal consultant at tw-Security, tells Information Security Media Group that an identity framework is a helpful way to teach correct procedures.
"Most organizations use one or more frameworks," Fricke says, although smaller facilities may lack the budget or staffing to implement the guidelines.
The H-ISAC framework calls for creating an