Improperly managed privileged Active Directory accounts can introduce significant risk to healthcare organizations. There are several types of privileged accounts, including service accounts and administrator accounts. These accounts are valuable targets for attackers due to management difficulties and the level of access they provide. When managing privileged accounts, pause to consider the following:
Are your service account policies restrictive enough?
Service accounts should reside in a separate OU from other accounts and have GPOs applied to increase security. One example would be applying a GPO to service accounts that restricts interactive logon. Service accounts should not be used by users to log in to systems interactively.
Do your IT administrators have dedicated accounts for managing systems?
With the increase in advanced techniques for compromising credentials, your IT teams should have a reduced-privilege account for everyday activities like checking email and a dedicated privileged account for managing networks and platforms. These dedicated accounts should have additional protections, such as a stronger password policy and the requirement to use multi-factor authentication when managing systems. One way to solve this issue is by requiring admins to manage the domain using third-party tools that allow for more granular permissions in Active Directory.
Is your default policy to grant domain admin rights to service accounts and vendor support accounts?
It’s vital to review service account and vendor account requests for privileged access and document why that level of access is required. Often, only local administrator privileges, plus a handful of additional tasks, are needed to complete the job. Periodically audit privileged access groups to ensure stale and unneeded accounts are removed and disabled. Setting vendor accounts to automatically expire on the contract end date is an easy way to limit stale accounts in your environment.
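The periodic audit and vendor expiry check described above, as an added PowerShell example that is not part of the original article. The 90-day stale threshold, the 'vnd-' vendor prefix, the function name and all sample accounts are assumptions constructed for illustration.

```powershell
# Added example (not from the original article).
# Assumptions: 90-day stale threshold, 'vnd-' vendor prefix, hypothetical function name.
function Test-PrivilegedAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [int]      $StaleDays    = 90,
        [string]   $VendorPrefix = 'vnd-',
        [datetime] $Now          = (Get-Date)
    )
    process {
        $findings = @()
        if (-not $Account.Enabled) { $findings += 'disabled but still a group member' }
        # LastLogonDate derives from lastLogonTimestamp, which can lag by up to ~14 days.
        if (-not $Account.LastLogonDate) {
            $findings += 'never logged on'
        } elseif ($Account.LastLogonDate -lt $Now.AddDays(-$StaleDays)) {
            $findings += "no logon in over $StaleDays days"
        }
        if ($Account.SamAccountName -like "$VendorPrefix*" -and -not $Account.AccountExpirationDate) {
            $findings += 'vendor account has no expiration date'
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                Group    = $Account.Group
                Account  = $Account.SamAccountName
                Findings = $findings -join '; '
            }
        }
    }
}

# Constructed sample data so the check runs without a domain controller.
$now = Get-Date '2024-10-15'
$sample = @(
    [pscustomobject]@{ Group='Domain Admins'; SamAccountName='adm-jdoe';   Enabled=$true;  LastLogonDate=$now.AddDays(-2);   AccountExpirationDate=$null }
    [pscustomobject]@{ Group='Domain Admins'; SamAccountName='svc-backup'; Enabled=$true;  LastLogonDate=$now.AddDays(-200); AccountExpirationDate=$null }
    [pscustomobject]@{ Group='Administrators'; SamAccountName='vnd-acme';  Enabled=$true;  LastLogonDate=$now.AddDays(-10);  AccountExpirationDate=$null }
    [pscustomobject]@{ Group='Administrators'; SamAccountName='adm-old';   Enabled=$false; LastLogonDate=$null;              AccountExpirationDate=$null }
)
$sample | Test-PrivilegedAccount -Now $now | Format-Table -AutoSize   # flags svc-backup, vnd-acme, adm-old

# Against a live domain (requires the ActiveDirectory RSAT module):
# foreach ($g in 'Domain Admins', 'Enterprise Admins', 'Administrators') {
#     Get-ADGroupMember -Identity $g -Recursive | Where-Object objectClass -eq 'user' |
#         Get-ADUser -Properties LastLogonDate, AccountExpirationDate |
#         Add-Member -NotePropertyName Group -NotePropertyValue $g -PassThru |
#         Test-PrivilegedAccount
# }
# Set-ADAccountExpiration -Identity 'vnd-acme' -DateTime '2025-01-01'   # constructed name and date
```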
Fortified Health Security is committed to strengthening the security posture of healthcare organizations. In the spirit of Cybersecurity Awareness Month, we will be posting daily information for you to consider when maintaining your organization’s cybersecurity program.