Healthcare organizations relying on legacy patient identity management technologies
More than half of healthcare organizations (58 percent) consider their patient portals to have above average or superior cybersecurity, despite a seeming lack of biometric implementation, with 93 percent relying on usernames and passwords as their authentication method, according to a new survey from LexisNexis Risk Solutions.
Nearly two-thirds of healthcare organizations (65 percent) report that their individual state budgets for patient identity management will not increase this year. The same number report the use of multi-factor authentication, with 39 percent using knowledge-based questions for verification, 38 percent using email verification, and 13 percent using device identification, according to “The State of Patient Identity Management” report.
LexisNexis notes that other reports have shown healthcare breaches increased by 5 percent in 2018, to reach 15 million patient records, which is three times more than in 2017. Botnets and crypto mining are also considered threats for healthcare organizations.
“There are some surprises in the results, particularly the higher than expected confidence that organizations have in regards to the security of their patient portal and telemedicine platforms given that only 65 percent deploy multifactor authentication,” comments Erin Benson, director, market planning, Healthcare, LexisNexis Risk Solutions. “Multifactor authentication is considered a baseline recommendation by key cybersecurity guidelines. Every access point should have several layers of defense in case one of them doesn’t catch an instance of fraud. At the same time, the security framework should have low-friction options up front to maintain ease of access by legitimate users.”
The top cybersecurity takeaways from the report, LexisNexis says, are the insufficiency of traditional authentication methods, that multifactor authentication should be considered a baseline best practice, and that the balance between optimizing user experience and protecting data is necessary to any cybersecurity strategy.
A reliance on legacy IT systems and insufficient access controls were found to be among factors exposing healthcare systems to data theft by a recent report from Vectra, and biometric patient matching technology has been suggested as a way to promote interoperability.