HHS, DISA Assured Identity pilot aims to protect healthcare data with biometrics and behavior authentication
The U.S. government’s Department of Health and Human Services (HHS) is developing biometric and behavior-based authentication for employees in partnership with the Defense Information Systems Agency (DISA), MeriTalk reports.
The partnership was foreshadowed by HHS CIO Jose Arrieta during the summer, and discussed by CISO Janet Vogel at the recent Digital Government Institute’s Cybersecurity Conference and Expo: Women Leaders in Cyber.
Vogel notes that locking down data is an everyday concern at HHS, and that 7 million healthcare records had been exposed by the agency in 2018. Recovery costs for each breach can reach $6.2 million, according to the report. Securing endpoints can be difficult, however, with a staff of 87,000 people to manage. The Assured Identity pilot program has been developed by HHS and DISA to meet this challenge.
Assured Identity goes beyond two-factor authentication and strong password management practices to include factors such as how a phone is held, facial recognition, thumbprints, heart rate, and interactions with applications. HHS and DISA are still researching these methods, Vogel says, but securing funding to implement the ones they choose could yet be an issue.
“In security, you’re successful if nothing happens. It’s hard to make the argument for investment in cybersecurity until something bad happens,” Vogel points out.