Friday, March 22, 2013

Five ways Hospitals can Improve Information Security

  1. Easily eliminate the security risk of shared accounts - In hospitals, doctors and nurses often use shared accounts with one set of credentials for everyone. This is especially common in Emergency Rooms, where employees use one PC to access important information. To avoid spending valuable time logging into Windows and launching applications, one generic user account is often used, which is not secure since users can gain access to specific information. It also makes audits and compliance difficult. Instead, doctors and nurses will need their own credentials for each application, but requiring them to remember new credentials for every application can be difficult, and logging in and out is a time-consuming process. A single sign-on application eases this process: employees only have to remember one set of credentials, which makes eliminating shared accounts easy. Combining this with a smartcard is even more efficient. Once a user presents the smartcard to the reader, it is recognized by the SSO software, the user is automatically switched and logged in, and the right applications are launched.

  2. No written-down passwords - Hospitals would like to implement strong and complex passwords because of audit requirements. Implementing complex passwords, though, has major consequences for end users. If users have to remember several different and complex passwords, which also need to be changed once in a while, they will often write them down and store them somewhere. This makes the applications and systems insecure, since people can easily find out the credentials. With a single sign-on solution, doctors and nurses will not need to write down their credentials, since they will only need to remember one combination of username and password. This eliminates the security risk and gives hospitals the possibility to easily implement complex passwords.
  3. Give employees correct access rights - To ensure the security of the network and information in a hospital, employees need to be given the correct security permissions for their job roles. Ensuring that employees have the proper access rights will improve security. Doing so requires setting controls, which can take the IT department months to implement. A role-based access control (RBAC) solution can assist with this process. It helps the IT department easily populate the RBAC matrix and provides a simple overview of the network resources available to an employee based on their job role.
  4. User provisioning - Often when employees leave employment at a hospital, the IT staff is not notified right away and the employees' accounts are left open, giving ex-employees the ability to access information. This leaves the systems and information insecure and can lead to serious problems. With an automated account management solution in place, the IT department can quickly and easily deprovision accounts as soon as an employee leaves, to ensure security and easily comply with audit standards.
  5. Stored information - With a single sign-on solution, information can be stored about who is logging in to each application and what they are doing. This allows the IT department to easily review who has access to what and whether their applications and systems are secure. It also allows them to easily comply with audit standards.
For more information, please visit our website.
