Healthcare identity teams are often understaffed and overworked. We often deal with a large amount of technical depth, vendors that don’t follow security best practices, and so many areas for improvement it can feel like you’re drowning in problems that are difficult to solve.
When our organization purchased cybersecurity insurance 6 years ago and they began asking about privileged account password rotation, it was uncharted territory for us. It was something we knew we needed to do, but we only had one FTE dedicated to running our PAM solution.
We decided to do a PAM-focused pen test to gain metrics on how serious the issue was. After the pen test results were presented, our Identity team was given budget for two contract positions and a separate remediation team for other findings, and we developed a strategy to begin securing our privileged accounts using a risk-based approach.
We’ve now deleted over 800 stale privileged accounts, are doing password rotations for hundreds if not thousands of our riskiest accounts, and are now monitoring for privileged access violations.
Learn how we used metrics to grow our team and mature our PAM program.