Protecting healthcare data with strong authentication as standard

Healthcare providers are now a prime target for cybercriminals and with the lack of control over protected healthcare information (PHI) once breached, need safeguarding more than ever.

The Health Information and Portability Accountability Act (HIPAA) is intended to help protect information on 328m citizens held by U.S. healthcare providers by ensuring organisations comply to a set of standards.

With weak/stolen passwords being the cause of more than 80% of data breaches, increasing authentication security practices is an excellent way for healthcare providers to minimise the threat posed by cybercriminals and help ensure compliance with HIPAA PHI privacy and security rules.

How one healthcare provider has implemented strong authentication as standard

With operations across 50 states, serving more than 127 million patients in the community and across four out of five U.S. hospitals, the healthcare provider’s IT team are responsible for protecting millions of peoples’ sensitive healthcare data.

Already using strong two-factor authentication, managed by MyID software, the IT team were conscious that their 2FA approach was not universal.

Smart cards were provisioned to thousands of healthcare professionals, however those working in the community and conducting home visits were using a mix of tablet and laptop technology. Principally used in desktop settings, smart cards weren’t a good fit for more than 7,000 employees.

Recognising the importance of providing an alternative strong authentication means besides smart cards, the healthcare provider’s IT team took advantage of the interoperability of their MyID credential management software to issue credentials to YubiKeys for 7,000 employees.

YubiKeys deliver ease of use and reliable hardware-backed security to the healthcare provider’s employees, enabling them to securely log in to their desktops and laptops by inserting their YubiKey into a USB-A or USB-C port and entering a PIN to authenticate. This secure means of authentication enabled employees to access all of the systems necessary as part of their role.

With a significant share of employees operating Macbooks, the ability to use YubiKey 5 Series keys across both Macs and PCs for 2FA was a significant benefit, particularly as end-point protection options for Mac devices are limited.

MyID provides all of the request, issuance, update, and unlock features required to deploy certificates to YubiKeys and manage their lifecycle.

Intercede’s Professional Services team made integrating MyID into the existing identity ecosystem simple, saving time and money.

The self-service element of MyID also means that the healthcare provider is able to make lifecycle credential management simple and easy for their employees,  resulting in reduced training requirements, reduced cost of operations and faster time to deployment.

If you’re interested in finding out how MyID can help you move to strong authentication as standard, contact us now using the form below and arrange a demo of our software.

You can also download the full healthcare strong authentication use case here.