The healthcare industry is poised for a cybersecurity transformation, with passwordless authentication at the forefront. Utilizing passkeys and biometrics improves user experience and significantly strengthens data security against contemporary threats such as credential stuffing and MFA fatigue.
So says Phil Englert, VP of Medical Device Security at HEALTH-ISAC, adding that the urgency to access medical data for patient care makes healthcare institutions particularly vulnerable to ransomware attacks that deny access to critical data or data breaches leaking sensitive personal information, including medical histories, Social Security numbers, and insurance details.
“Cybercriminals also target medical devices, Internet of Things (IoT) technologies, and third-party vendors to exploit weaker security controls and practices to access sensitive data or systems,” he explains.
According to Englert, passwordless authentication methods are being implemented across the healthcare sector, driven by the need for more robust security, improved user experience, and streamlined workflows. “Given the diverse technologies, clinical settings, and applications, these technologies help protect sensitive data while improving clinical workflows and supporting better patient outcomes.”
This, he says, is because clinical environments are challenging for all authentication methods. Personal protective equipment (PPE) can thwart traditional biometric methods: fingerprints cannot be read through gloves, face masks defeat facial recognition techniques, and face shields challenge optical recognition systems.
Among the technologies providers currently use, Englert cites mobile devices serving as a secure token for two-factor authentication, which reduces reliance on traditional passwords and provides a user-friendly experience. Another well-known healthcare provider introduced a single sign-on (SSO) system integrated with biometric verification, allowing staff to use fingerprint scans to access multiple systems with a single login.
Moreover, he says healthcare systems have adopted smart cards paired with personal identification numbers (PINs) to make it more difficult for unauthorized users to access electronic health records and other critical systems. “Yet another healthcare system integrated fingerprint and facial recognition technologies into its systems, as biometric data is unique and challenging to replicate. Finally, one healthcare provider integrated FIDO2 (Fast Identity Online) authentication standards with hardware security keys or biometric data, adding a robust layer of protection and reducing the risk of phishing and other password-based attacks.”
Asked about the future of healthcare cybersecurity and the role of passwordless authentication in creating a more secure and efficient digital healthcare environment, he says the sector will increasingly rely on advanced technologies like passwordless authentication to protect against evolving cyber threats.
“By adopting these methods, healthcare organizations can create a more secure and efficient digital environment, ensuring the safety of patient data and maintaining trust in healthcare services. As the healthcare sector continues to innovate and digitize, robust cybersecurity measures will be essential in safeguarding sensitive information, ensuring the availability of medical technologies, and supporting high-quality patient care,” Englert concludes.
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.