CareBrain Identity Risk

CareBrain Health System — Identity Risk Dashboard

This dashboard summarizes identity and access risks discovered during the initial security assessment.

Identity Risk Metric	Current Count	Risk Level	Recommended Action
Total Simulated Identities	118,000	Informational	Maintain centralized identity inventory
Privileged Users	1,240	High	Review and reduce privileged access
Privileged Users Without MFA	312	Critical	Enroll all privileged users in MFA immediately
Terminated Active Accounts	46	Critical	Disable accounts and fix JML process
Vendor Accounts	380	High	Implement vendor access review
Vendor Accounts Without Expiration	122	High	Require expiration dates and sponsor approval
Excessive Access Cases	2,850	High	Launch access certification campaign
High-Risk Users	620	Critical	Prioritize review based on privileged access and MFA status

Finding	Business Impact	Priority	Control Recommendation
No MFA for all privileged users	Increases chance of administrator account takeover	Critical	Implement MFA and conditional access
Terminated users still active	Former workers may retain system access	Critical	Automate joiner-mover-leaver deprovisioning
Vendor accounts lack expiration	Third-party access may remain active after contract ends	High	Require account expiration and quarterly vendor review
Excessive access	Users may access systems not needed for their role	High	Implement RBAC and quarterly access reviews