News Feature | August 3, 2016

Strong Passwords Not Enough To Protect Healthcare

By Christine Kern, contributing writer

Two-factor authentication provides reliable protection of patient information.

The Health Information Technology for Economic and Clinical Health Act (HITECH) brought a sense of urgency to healthcare providers when it comes to securing protected patient health information (PHI), particularly when combined with the privacy and security regulations put into effect under the Health Insurance Portability and Accountability Act (HIPAA).

And as hack after hack has compromised personal data, particularly as use of mobile devices becomes more prevalent, healthcare has not remained unscathed. Simply urging people to ditch their weak passwords for stronger ones isn’t enough anymore. People also need to use other available tools, such as password managers or two-factor authentication features.

CSO Online recently noted, “Security risks and data breaches are growing while the form factors of computing devices shrink — because much enterprise data today is created and consumed on mobile devices. This clearly explains why mobile security persistently tops the list of most pressing enterprise security concerns.”

Security experts caution that relying on single user authentication methods still leaves devices and data vulnerable to breaches and other cyberattacks. Implementing multi-factor authentication can help limit access to authorized users.

In fact, two-factor authentication is one of the risk management strategies outlined by the Department of Health and Human Services (HHS) within the HIPAA Security Rule recommendations. The guidance states, “Implement two-factor authentication for granting remote access to systems that contain ePHI. This process requires factors beyond general user names and passwords to gain access to systems (e.g., requiring users to answer a security question such as ‘Favorite Pet’s Name’).”

Of course, as demonstrated, not all two-factor authentication solutions are created equal, and healthcare CIOs and IT security staff face obstacles in finding the right fit, including usability issues, large-scale deployment issues, and administrator support headaches.

“Two-factor authentication is the most reliable way to protect privacy while maintaining patient confidentiality and confidence. Healthcare providers are facing stricter and stricter HIPAA compliance enforcement, but 2FA can help them both solve and scale their security needs while better serving their customers,” Marc Boroditsky, VP and GM of Authy, a Twilio service, wrote in an email.

By streamlining a two-factor authentication solution to fit your healthcare organization’s particular needs, you can achieve major security and compliance benefits, and you will find that the ROI on this investment is high.