As more and more devices are able to access secure network data in hospitals, fewer traditional solutions make the cut for cybersecurity.
Nick Owen, president of WiKID Systems in Atlanta: According to a study published in the Journal of Hospital Librarians, an estimated 85 percent of the U.S. healthcare workforce access patient records using personal mobile devices. The combination of mobile computing and Bring Your Own Device, outsourced services, the Internet, social media, cloud-based applications and virtual gateways to patient data create security risks and HIPAA compliance challenges that can't be addressed through traditional solutions. Stolen unsecured smartphones, tablets and laptops provide a direct path to patient data.
Two-factor authentication replaces password protection and adds another layer of protection for patient data by requiring two types of unique identification to access healthcare servers. 2FA is easier and more economical to implement than many think.
Software Tokens — 2FA solutions that use software tokens, a type of security authentication device, cost about half as much as hardware token-based 2FA by eliminating the need to buy a key, fob or USB stick for each employee. The upfront and replacement costs of these hardware devices add up. Software-based 2FA solutions instantaneously send a unique dynamically-generated code to the employee's computing device of choice — smartphone, tablet, laptop or desktop — when requested. With software-based 2FA, there's nothing to remember to bring, nothing to damage and nothing to lose.
Overcoming Objections — People never welcome change. To ease the transition from password protection, educate users on the benefits of 2FA and demonstrate how easy it is to use. While some software-based 2FA solutions self install on employees' devices, some IT professionals find providing a one-page handout with instructions for installation and use speed the adoption process.
Rolling it Out — To avoid any disruption to daily operations, many organizations roll out 2FA to groups over a period of time.
Healthcare organizations can take a major step towards protecting protected health information by replacing password systems with software-based 2FA. It is an economical and convenient way to verify identity and control remote access to patient records.