

NHS England: Multi-Factor Authentication Policy Compliance with Silverfort
NHS organisations and contractors are being encouraged to implement multi-factor authentication (MFA) controls for all privileged users and services accessing critical systems and data. This framework has been developed to reduce the exposed attack surface, especially for identity-based attacks that use compromised credentials. Under this new policy, which was published at the beginning of 2023, UK NHS organisations are required to make every reasonable effort to comply as soon as possible.
Who Does the MFA Policy Apply To?
NHS trusts and foundation trusts
Integrated care boards
Arm’s length bodies of the Department of Health and Social Care
Commissioning support units in NHS England
Operators of essential services for the health sector in England as designated under the NIS Regulations
MFA Challenges for NHS Organisations
There is a lack of visibility within most NHS organisations regarding how privileged users are accessing critical assets, and which users and resources require MFA. Many critical NHS resources are legacy applications deployed into on-prem environments and are usually accessed remotely. Many legacy Electronic Patient Records (EPR) and on-prem health information technology systems were not designed to implement modern security controls such as MFA.
According to Microsoft, multi-factor authentication (MFA) can prevent more than 99.9% of account compromise attempts. Although MFA is, in theory, the ideal solution for preventing identity-based attacks, its usability and flexibility challenges create friction when medical professionals adopt it. In healthcare environments, this can result in potential system failures.
The Solution: Silverfort's MFA and Unified Identity Protection Platform
Silverfort enables NHS organisations to deploy MFA protection to all environments and resources, in the cloud or on-prem, without the need for agents or proxies. Furthermore, Silverfort enables NHS organisations to integrate with existing IAM and MFA solutions, extending these tools (such as Azure MFA) to NHS resources and access interfaces across on-prem and multi-cloud environments. This includes resources that couldn’t be protected with MFA before, such as medical legacy devices and applications, IT infrastructure, and more.
Silverfort analyses the context of each user (or service account) access request using its risk engine, then applies the appropriate access policy. This process can stop an attacker from moving laterally and running a successful ransomware attack. By enforcing MFA at the identity level, Silverfort adds another layer of security against incoming identity attacks.
