Ghost Users Haunt Healthcare Firms
Data security hygiene severely lacking among healthcare firms, new research shows.
More than three-quarters (77%) of healthcare companies have 500 or more accounts with passwords that never expire, while 79% have more than 1,000 ghost users — user and service accounts that are inactive but still enabled, according to new Varonis research.
The data security report, which analyzed 3 billion files across 58 hospitals, pharmaceutical firms, and biotechnology companies, also found nearly 20% of all files are accessible to every employee.
The average healthcare organization has 31,000 sensitive files — including those that include HIPAA-protected information, financial data, and proprietary research — open to everyone, according to a summary of the findings.
The full findings can be found here.
About the Author
You May Also Like