First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
Skip to nav Skip to content
FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Providers place inordinate trust in patient identity practices

Providers may be placing too much trust in cybersecurity practices that are not sophisticated enough to deter high-level attacks by hackers.

That’s the result of a survey of 100 participants from healthcare organizations, which found discrepancies in cybersecurity preparations and actual marketplace reality.

The research, by vendor LexisNexis Risk Solutions, found that providers have high levels of confidence in their cybersecurity preparedness despite using only basic user authentication methods in the face of an increasing number of patient identity thefts and fraud.

For example, nearly 60 percent of respondents believe security of their portal is above average or superior, compared with protections used on other portals. Further, 93 percent of organizations are using a simple user name and password approach to authenticate those accessing the patient portal.

Only 65 percent use multifactor authentication, and 13 percent use device identification software. More than two-thirds expect their budget for patient identify management won’t increase this year.

Erin Benson, director of market planning at the company is surprised at the security confidence many provider respondents display about their portal and telemedicine platforms, particularly because so many of them are not using authentication software.

“Multifactor authentication is considered a baseline recommendation for cybersecurity guidelines,” she notes. “Every access point should have several layers of defense in case one of them doesn’t catch an instance of fraud. At the same time, the security framework should have low-friction options upfront to maintain ease of access by legitimate users.”

In a report, available here, LexisNexis emphasizes three core cybersecurity cautions:

  • Traditional authentication methods are insufficient. The result of so many healthcare data breaches means hackers already have access to legitimate credentials and users are easily phished to get more. That means traditional username and password verifications are considered an entry point, not a barrier.
  • Multifactor authentication should be considered a baseline best practice supplemented with a variety of controls that include knowledge-based questions and verified one-time passwords, to device analytics and biometrics to authenticate users based on the risk of the transaction. The more risk the access request is, the more stringent the authentication technique should be.
  • Providers must find a balance between optimizing the user experience and protecting the data to support an effective cybersecurity strategy. The strategy should layer low- to no-friction identity checks upfront, making it easier for the right users to get through and layer more friction-producing identity checks on the back end that only users noted as suspicious would complete.

 

This article was written by Joseph Goedert from Health Data Management and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

Subscribe for Insights

Subscribe