The healthcare sector is leaking data; biometrics could help plug the holes

While it is true that reporting on biometrics often revolves around costly fraud cases or massive data breaches, part of the reason is that breaches keep happening. In the healthcare sector, which processes huge volumes of sensitive personal information, any leak can expose reams of data, and rack up significant costs. Take the cyberattack on Change Healthcare in February of 2024, in which hackers demanded (and got) a ransom of $22 million to release 6TB of sensitive data pulled from medical records.
Now, according to new research from software provider Censys, more than 14,000 unique IP addresses around the world have been found to be exposing patients’ potentially sensitive medical information on the public internet. Nearly half of them are in the U.S., with another ten percent in India.
Per the report by researcher Himaja Motheram, “open DICOM (Digital Imaging and Communications in Medicine) ports and DICOM-enabled web interfaces intended for exchanging and viewing medical images account for 36 percent of the exposures, with 5,100 hosts publicly exposing these systems. This is concerning because DICOM is a legacy protocol with several known security weaknesses” – including often allowing access to their connected databases of images without authentication.
EMR/EHR systems for storing and managing electronic health records account for another 28 percent of exposures, with 4,031 interfaces publicly available. Of those, 3,678 originated in the Epic EMR, which is rare among EMRs in that it supports multi-factor authentication (MFA). The exposure rate is reflective of its scale and centrality to the U.S. healthcare sector. More than 250 million patients have an electronic health record registered with Epic, representing more than 75 percent of all patients in the U.S.
The size and complexity of healthcare networks in both the U.S. and India mean security standards are often inconsistent from region to region, or hospital to hospital. Per the report’s conclusion, “the critical importance of implementing robust access controls, such as multi-factor authentication, is hard to exaggerate.”
Biometrics part of the solution to healthcare sector’s data woes
A recent blog from HID’s Chris Neely explores how biometric technology has emerged as “a powerful tool for securing access across various points of contact while streamlining operations, paving the way for a safer and more efficient healthcare environment.”
“Traditional methods like passwords, PINs and keycards are vulnerable to theft, loss and misuse,” the blog says. “They also fall short in providing the level of assurance needed in healthcare environments where mistakes or fraud can have life-altering consequences.”
Neely says biometric technology, particularly facial identification and verification, is “a game-changer” for high-stakes, compliance-based healthcare environments that process huge quantities of data. He cites access to controlled substances and patient data security as example use cases for facial recognition.
“Integrating facial recognition technology into patient check-in systems links a patient’s biometric data to their medical records from the outset. This integration ensures that the correct records are always retrieved for each patient, minimizing the risk of errors and improving the overall quality of care.”
“The implementation of facial recognition technology in the healthcare industry goes beyond simply protecting assets,” the blog says. “It fosters a safer and more efficient healthcare environment.”
HID has published a free e-book on how to improve patient outcomes and reduce medical fraud with facial recognition.
AllClear ID app aggregates health records, uses AI to curate care
AllClear ID says it has launched “the world’s first digital health bank.” A release says the Health Bank One app “combines a patient’s medical records with AI to produce personalized insights for everyone involved in their care.”
“Today, corporations control our medical data and limit access to medical expertise to just 17 minutes per visit,” says AllClear ID CEO Bo Holland. “During my son’s experience with brain cancer, it became clear that this way of sharing information was defective. Health Bank One puts patients back in control by simplifying health record retrieval, organizing their records into a secure health summary, and providing AI-generated explanations and insights.”
The Health Bank One app collects an individual’s electronic and hard-copy medical records and images and consolidates them into a single, digitized account encrypted with mobile biometric authentication. Put another way, it provides “a longitudinal record of a patient’s medical history with patient-consent.”
It even offers an AI chatbot assistant, currently powered by GPT-4. Per the release, “Care Guide provides Personalized Medical Intelligence by decoding medical jargon and analyzing an individual’s medical records to give real-time answers to questions about diagnoses, test results, prescribed courses of treatment and more.”
Health Bank One is available through the Apple store or Google Play. A subscription costs US$14.95 per month.