Cybersecurity in healthcare has reached a critical point where traditional defences are no longer enough. As ransomware attacks become more advanced and targeted, especially towards systems with broad access privileges, healthcare organisations must adapt their strategies. Intermountain Health has embraced a privileged access model that limits credential exposure and isolates critical systems. The approach is intensive, requiring meticulous implementation and sustained organisational commitment, but it significantly strengthens resilience against cyber threats. By isolating administrative credentials and segmenting system access, the health system aims to block attackers before they can cause lasting damage.
Targeting Privileges to Disrupt Attack Chains
Ransomware groups consistently target IT control systems because of the sweeping access they provide across networks. One of the most vulnerable components is Active Directory, which manages up to 80% of a healthcare organisation’s operations. Attackers typically begin with a single compromised device, often an IT administrator’s workstation, and quickly escalate their access rights. Once high-level privileges are secured, they can move laterally through the network, extract sensitive data and deploy ransomware across the infrastructure. Tools such as Mimecast and Cobalt Strike are commonly used to extract credentials and automate malicious actions. Intermountain Health’s analysis of real-world incidents, including those involving the Black Basta group, confirms that these techniques consistently follow a well-rehearsed playbook: gain initial access, escalate privileges, identify domain administrators and then execute wide-scale disruption. Recognising this pattern is essential to designing defences that disrupt the attack sequence before irreversible damage occurs.
Isolating Tiers to Limit Credential Exposure
Intermountain Health has structured its defensive strategy using a tiered access control model based on the Bell-LaPadula principle. The model divides systems and privileges into separate layers that cannot interact across boundaries. At the core, Tier Zero houses the most sensitive assets such as domain controllers and administrative credentials. Access to Tier Zero is granted only through physically separate privileged access workstations. These workstations are not shared or virtual environments; they are purpose-built devices used exclusively for managing a specific tier. Tiers One and Two contain operational systems like electronic health records and standard endpoints, respectively, and are similarly restricted in how they can be accessed. Each tier can interact within itself but cannot reach into higher tiers. This isolation means that even if an attacker gains access to a lower-tier system, they cannot escalate privileges beyond that layer. Although the segmentation adds complexity and can slow down administrative processes, it significantly reduces the risk of widespread compromise. In high-stakes environments such as hospitals, the balance of slightly reduced efficiency in favour of vastly improved security is a necessary trade-off.
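As an added illustration, not code from Intermountain Health or from the article, the three tier rules described above (each tier interacts only within itself, nothing reaches into a higher tier, and Tier Zero is administered only from a dedicated privileged access workstation) can be written as a check that runs over logon records; the host names, account names and the key=value record format are constructed for the example.

```python
"""Flag logon records that cross tier boundaries (added example over constructed data)."""

# Hypothetical tier inventory: which tier each host and account belongs to.
HOST_TIER = {
    "DC01": 0, "PAW-T0-01": 0,           # Tier 0: domain controller and its PAW
    "EHR-APP01": 1, "PAW-T1-01": 1,      # Tier 1: EHR application server and its PAW
    "WS-IT-007": 2, "WS-CLINIC-042": 2,  # Tier 2: standard endpoints
}
ACCOUNT_TIER = {"t0-admin-jsmith": 0, "t1-admin-jsmith": 1, "jsmith": 2}
PAW_TIER = {"PAW-T0-01": 0, "PAW-T1-01": 1}  # dedicated privileged access workstations


def parse_logon(line: str) -> tuple[str, str, str]:
    """Parse a constructed 'key=value' logon record into (account, source, target)."""
    fields = dict(part.split("=", 1) for part in line.split())
    return fields["account"], fields["src"], fields["dst"]


def check_logon(line: str) -> list[str]:
    """Return the tier rules a logon breaks; an empty list means it is permitted."""
    account, source, target = parse_logon(line)
    acct, src, tgt = ACCOUNT_TIER[account], HOST_TIER[source], HOST_TIER[target]
    problems = []
    # Rule 1: a credential stays inside its own tier. A lower-tier account must not
    # reach up, and a higher-tier credential must never be typed into a lower-tier host.
    if acct != tgt:
        problems.append(f"tier {acct} account on tier {tgt} host {target}")
    # Rule 2: the originating workstation must sit in the same tier as the target.
    if src != tgt:
        problems.append(f"tier {src} host {source} reaching into tier {tgt}")
    # Rule 3: Tier 0 is administered only from a dedicated Tier 0 PAW.
    if tgt == 0 and PAW_TIER.get(source) != 0:
        problems.append(f"Tier 0 logon from non-PAW source {source}")
    return problems


def audit(lines: list[str]) -> dict[str, list[str]]:
    """Map each offending record to its violations; permitted records are omitted."""
    return {line: check_logon(line) for line in lines if check_logon(line)}


SAMPLE_LOG = [  # constructed records, not real telemetry
    "account=t0-admin-jsmith src=PAW-T0-01 dst=DC01",           # permitted
    "account=t1-admin-jsmith src=PAW-T1-01 dst=EHR-APP01",      # permitted
    "account=t0-admin-jsmith src=WS-IT-007 dst=DC01",           # admin workstation reaching Tier 0
    "account=t0-admin-jsmith src=PAW-T0-01 dst=WS-CLINIC-042",  # Tier 0 credential exposed on Tier 2
    "account=jsmith src=WS-IT-007 dst=EHR-APP01",               # Tier 2 user reaching into Tier 1
]
```

The third record is the intrusion path the article describes (a compromised IT workstation touching Tier Zero), and the fourth shows why the boundary is enforced in both directions: a Tier Zero credential used on a standard endpoint is exposed to whatever is running there.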
Managing Change and Gaining Support
Deploying a privileged access model at scale requires more than technological adjustments; it demands a shift in mindset and a commitment across departments. Identifying all individuals with high-level access is often more complicated than expected. Credentials may reside with IT staff, cloud operations personnel or other roles that do not directly report to cybersecurity leadership. Furthermore, those credentials may be stored on workstations, servers or cloud platforms, making them difficult to track and isolate. Cleaning up this credential sprawl is both laborious and essential. As each tier is implemented, the need to restrict access grows, leading to changes in how administrators perform their tasks. Staff are required to use different machines for specific duties, which can initially appear to reduce their productivity. However, many functions—such as email or meetings—do not require privileged credentials and can continue from standard workstations. Clear communication about the purpose of these changes and the security they provide is key to securing support. Repeatedly explaining the rationale, engaging with sceptical stakeholders and staying firm on the model’s core requirements has helped Intermountain Health move forward. The message is clear: in an environment where a breach could cripple the entire system for weeks, proactive isolation is worth the inconvenience.
Ransomware prevention in healthcare demands a defensive posture that anticipates and blocks the most frequent intrusion paths. Privileged access controls based on tiered isolation provide a structured, proven method to harden systems against such attacks. While the implementation process is resource-intensive and may encounter resistance, the security benefits are substantial. Intermountain Health’s experience shows that even complex infrastructure can be made resilient through disciplined access management and persistent internal advocacy. By investing in these controls and maintaining an adversarial mindset, healthcare providers can shift from being easy targets to hard ones, protecting their operations and ensuring continuity of patient care.
Source: Healthcare IT News