Success Story: Identity Governance in a Large Healthcare Organization

by Bob Giguere | December 13, 2024

Many organizations describe their Active Directory as a mess or a disaster. If you feel the same way, you’re not alone. Read on to learn how GCA helped a large healthcare organization get their systems in order with identity governance tools.

What Is Identity Governance?

Identity Governance is the tool that assists organizations in running efficient access review campaigns. It can be described as a double-check process used to ensure that everyone has the access they need to perform their job function and nothing more. This level of access management is called “least privileged access.”

The Problem: A Manual Process

Before partnering with GCA, the healthcare organization used a weekly email to notify IT of all employees who left the organization that week. This process is not ideal for many reasons; it is a lengthy and manual process that exposes the company to HIPAA compliance risks.

In an ideal world, access is not left to a manual process that is prone to human error. GCA worked with the healthcare client to create an IAM tool plan designed to manage terminations and automatically remove application access.

With Identity Governance, you can preview an access review campaign before it is sent out to the reviewers. During our initial audit, GCA noticed an excessive number of “unmapped” accounts for a particular hospital. Here, an “unmapped” account was an account that couldn’t be tied back to an active employee at the company. Typically, one would expect a handful of accounts to be “unmapped,” but there were close to 200 unmapped accounts in this case.

The PACS admin we were working with immediately recognized that something was wrong, and since we were on a call, GCA jumped right in to look at the data. The first user was in a container called “OU=Disabled Users 2017”. This project took place in 2020, so the PACS admin agreed that this user’s account should not be in their application.

After repeating the process with the other accounts in the data, we discovered a repeating pattern; these unmapped accounts were all disabled users who had left the organization years ago.
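The mapping check described above can be sketched in a few lines. This is an added example, not GCA's or the client's tooling: every account name, DN and employee ID is constructed, and treating any OU whose name begins with "Disabled" as a holding container is an assumption modeled on the "OU=Disabled Users 2017" container mentioned above.

```python
import re

# Constructed sample data (not from the engagement described in this article).
APP_ACCOUNTS = ["jdoe", "asmith", "bnguyen", "svc_pacs", "JDOE2"]
DIRECTORY = {  # sAMAccountName -> (distinguishedName, enabled, employeeID)
    "jdoe": ("CN=Doe\\, Jane,OU=Radiology,DC=example,DC=org", True, "1001"),
    "asmith": ("CN=Al Smith,OU=Disabled Users 2017,DC=example,DC=org", False, "0417"),
    "bnguyen": ("CN=Bao Nguyen,OU=Radiology,DC=example,DC=org", False, "1020"),
    "jdoe2": ("CN=Jane Doe2,OU=Radiology,DC=example,DC=org", True, "0999"),
}
ACTIVE_EMPLOYEE_IDS = {"1001", "1044"}  # hypothetical export from the HR system

def ou_path(dn):
    """Return the OU names in a DN, splitting only on unescaped commas."""
    parts = re.split(r"(?<!\\),", dn)
    return [p.split("=", 1)[1] for p in parts if p.strip().upper().startswith("OU=")]

def classify(account):
    """Return ('mapped', None) or ('unmapped', reason) for one application account."""
    entry = DIRECTORY.get(account.lower())  # directory logon names are case-insensitive
    if entry is None:
        return ("unmapped", "no directory entry")
    dn, enabled, employee_id = entry
    # Assumption: OUs named "Disabled ..." hold accounts of departed users.
    disabled_ous = [ou for ou in ou_path(dn) if ou.lower().startswith("disabled")]
    if disabled_ous:
        return ("unmapped", "in disabled container: " + ",".join(disabled_ous))
    if not enabled:
        return ("unmapped", "directory account disabled")
    if employee_id not in ACTIVE_EMPLOYEE_IDS:
        return ("unmapped", "no active employee record")
    return ("mapped", None)

def preview_campaign(accounts):
    """Summarise unmapped accounts before a review campaign goes to reviewers."""
    results = {a: classify(a) for a in accounts}
    unmapped = {a: r[1] for a, r in results.items() if r[0] == "unmapped"}
    pct = round(100 * len(unmapped) / len(accounts), 1) if accounts else 0.0
    return unmapped, pct

if __name__ == "__main__":
    unmapped, pct = preview_campaign(APP_ACCOUNTS)
    for name, reason in unmapped.items():
        print(f"{name}: {reason}")
    print(f"{pct}% of application accounts are unmapped")
```

Recording a reason for each unmapped account lets the application owner see at a glance whether the cause is a departed user, a service account with no directory entry, or a gap in the HR data.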

The Solution: A Thorough Review

GCA stayed on as our client’s partner to help them complete the review. Once each account was confirmed or removed, we ran a report to understand how many reviewed accounts had been removed. Shockingly, 51.7% of the accounts were removed—they were linked to terminated employees.

Once the review was finished, GCA helped to put an end to the manual processes that caused more than half of the organization’s accounts to be overlooked during departure procedures. By installing IAM tools and automation, we helped ensure that terminated accounts are removed as quickly as possible without worrying about IT staffing or resources.