How to ease password pains while maintaining security
As much as any industry, healthcare must deal with a security landscape that is fraught with challenges and tensions. Health delivery organizations (HDOs) operate under constant threat of cyberattacks and ransomware attempts. Every year, they report an increasing number of breaches – and that was before the COVID-19 pandemic forced the industry to pivot to telehealth and work from home (WFH). These “new normal” modes of work delivered myriad benefits to both patient and provider, but they also greatly increased the number of high-risk endpoints vulnerable to the ploys of cyber criminals.
Clearly, security is paramount for any HDO looking to succeed in this environment. This means implementing technology and other solutions that protect against any unauthorized entry to systems containing protected health information (PHI) and other sensitive data. Such measures typically control access through passwords – at every point of entry, for every device, for every user. Because a strong, complex password typically contains more than 16 characters, clinicians are continuously forced to remember and enter this security information.
At the same time, clinicians within those HDOs are focused primarily on providing care. They’re on the ground, dealing with the requisite security steps while delivering top-notch medical treatment to each of their patients. The internal IT team tasked with defending the HDO network understandably implements security systems that involve strong, complex passwords. The clinicians? They’re going to do what they must do – take shortcuts, set up workarounds for complex password requirements – to access the various applications and devices they need in the moment to treat their patients.
Therein lies the tension. Clinicians working in an urgent care setting will invariably prioritize expedience and convenience over security. This “security friction” is a well-known phenomenon in clinical settings, where safeguards established to defend against cyberattacks are often viewed as obstacles to patient care.
Addressing this tension prompts several difficult questions. Are these complex passwords truly necessary? Can IT teams remove the complexity from cybersecurity measures so clinicians can focus more time on patient care and less on passwords?
The answer to both questions is a resounding “Yes.” By using digital identity solutions, HDOs can indeed simplify the complex and strike that elusive balance between effective cybersecurity measures and workflow efficiency.
Are complex passwords even necessary?
Year after year, the number of cyber breaches in healthcare continues to grow. In 2020, the healthcare industry experienced an increase in breaches that topped 50 percent. What’s more, healthcare suffers debilitating setbacks when a breach occurs. A successful cyberattack can shut down a hospital for hours, days or even weeks, compromising the facility’s ability to provide for patients.
Cybersecurity is not just a direct patient safety measure – it’s also a bottom-line business issue for any HDO. That’s because hospitals that suffer a breach can incur dire financial losses. The average cost of a healthcare data breach is now $9.42 million; no other industry can match that dubious distinction.
Clearly, HDOs need comprehensive cybersecurity protection against the full range of data breach threats. It’s not enough to depend on firewalls – the key is controlling access to all data at each entry point.
The way to do that – at every point of entry, and with every device and every user – is through complex passwords. This is the foundational cybersecurity requirement for defending the HDO’s network against entry by unauthorized users. Complex passwords are more secure, and more difficult for cyber criminals to hack.
Alleviate the pain of complex passwords
Of course, the challenge with complex passwords is that they’re burdensome to clinicians, who might log in to apps and workstations more than 70 times each day. HDOs can strike that magic balance, maintaining strong cybersecurity measures without disrupting clinical workflows, by implementing a digital identity framework that is specific to the nuances of the healthcare industry.
This starts with finding the right technology solution. It should include single sign-on (SSO), which is a well-established way to dispense with manual password inputs while simultaneously enabling the implementation of more complex passwords for systems and applications. Bolster SSO with multifactor authentication, which provides additional security by making end users verify their identities in multiple ways before they are granted access to the system.
The beauty of this combination – seamless SSO plus multifactor authentication – is that the cyber protections are unseen by the end user. It makes clinicians happy because it reduces complexity, while still delivering muscular cyber protection. In short, it accomplishes the overarching goal: balancing security and workflow efficiency.
Digital identity solutions simplify security for HDOs. They address the requirement for a comprehensive way to manage digital identities while delivering cyber protection against hackers. By implementing a unified security- and efficiency-focused strategy for managing digital identities across complex ecosystems, HDOs can strike that delicate balance of protection and workflow efficiency. The IT team is happy, and clinicians are happy.