Key takeaways from the state of identity security 2023: a spotlight on healthcare

This week, SailPoint released a new report titled The State of Identity Security 2023: A Spotlight on Healthcare. The report examines what identity security looks like in the healthcare industry today, particularly in the face of continuing challenges, including chronic staffing shortages, the ongoing increase in malicious cyberattacks against providers, and the growing number of data privacy and information security regulations impacting the industry. In addition, the report seeks to illustrate what the future of identity security in healthcare may look like, helping those in the industry shape their identity strategies in 2023 and beyond.  

The report analyzes survey responses from 150 IT and IT security decision-makers from healthcare organizations across the US, UK, Canada, Australia, Brazil, France, Germany, and Japan. Below, please find a brief examination of the report’s key findings—though we encourage you to read it in its entirety. You can also check out our infographic that displays several of the most important takeaways in an easily readable form. 

Identity Is a Priority—but the Threat Landscape Remains Challenging  

One of the report’s most encouraging findings is that those within the healthcare industry almost universally recognize the importance of identity security, with 95% of those surveyed indicating that identity security is either a relatively important, critical, or number one investment priority for the organization. In fact, 29% indicated that it is the organization’s number one investment priority, highlighting the increased prioritization the identity security has received amid growing cloud adoption, digital transformation, and mergers and acquisitions within the industry.  

Even more encouraging is the report finding that the need for identity security is being acted upon: 93% of respondents indicated that their organization has either fully or partially implemented an identity and access management (IAM) program. That said, just 29% say that their program has been in place for more than two years, underscoring that most organizations are still in the early stages of identity maturity. This helps to illustrate the relative vulnerability of the healthcare industry in recent years, but the fact that implementation is trending in a positive direction is good news. 

This is particularly important as 93% of respondents indicated that their organization had experienced an identity-related breach within the past two years. The impact of those breaches ranges from operational downtime (43%) and compromised accounts and/or credentials (41%) to revenue loss (36%), stolen company data (31%), and reputational damage (26%). Any and all of these consequences represent a serious problem for healthcare organizations—downtime and revenue loss don’t just impact the organization’s bottom line but its ability to deliver high-quality patient care. Following a breach, the looming specter of regulatory penalties serves as a further warning.   

There Are Roadblocks to Implementation—but the Benefits Are Vast 

Unfortunately, there are still roadblocks. Among those surveyed, 97% indicated that they had experienced challenges when it comes to implementing identity solutions, including 43% who cited flexibility in integration and 42% who said they lack the right skills to change or implement a solution. Another 39% referenced regulatory and compliance challenges, which have a powerful bearing on the healthcare industry. Other factors, such as a lack of senior buy-in (30%) and high initial investment (34%), were also cited by a significant portion of respondents, highlighting that organizational buy-in remains a problem for many.   

For those who overcome those roadblocks, however, the advantages are many. Respondents unanimously reported that implementing identity security has resulted in benefits. The most common of these include: 

• the ability to connect their identity program to horizontal applications (44%) and vertical applications (42%) 

• a positive impact on brand reputation (44%) 

• having more control and visibility into users (44%) 

Other respondents pointed to financial benefits, including total cost of ownership (38%) and cost and/or time savings within their IT and security teams (38%). While ease of integration, added control and visibility are important benefits, it is also worth highlighting the number of respondents that indicated financial and reputational benefits associated with the implementation of an identity solution.  

Still, there are opportunities to improve, with 96% of respondents agreeing that their organization’s ability to detect and prevent an identity-related security breach needs improvement. In addition, 38% of respondents indicated that managing access is time-consuming, with a typical healthcare IT professional spending more than a third of their week managing access and permission for identities. Fortunately, these challenges are likely to ease significantly as healthcare organizations improve the maturity of their identity deployments.  

Looking to the Future of Healthcare Identity 

The State of Identity report paints a clear picture of the healthcare industry’s relationship with identity security. Nearly every healthcare organization recognizes the importance of strong identity security, and a majority have taken steps to implement full IAM solutions—but many of those implementations are still ongoing, leaving organizations vulnerable to attack. And while many are enjoying the benefits that identity securing brings to the table, many are being held back from being truly successful with their identity security programs for a range of reasons. The industry’s understanding of and relationship with identity security is still maturing, and healthcare organizations can benefit from support and guidance in the unique challenges they face.   

Download the full State of Identity 2023: A Spotlight on Healthcare report.