Dual-factor authentication

Why dual-factor authentication is the new gold-standard for healthcare:

Dual-factor authentication is fast becoming an IT security best practice in the healthcare industry. An increasing number of cybersecurity threats and high-profile data breaches, such as the 2015 Anthem attack, have drawn public scrutiny to healthcare cybersecurity practices. In response, healthcare IT leaders are turning to dual-factor authentication (also known as two-factor authentication or multifactor authentication) as their strong authentication method of choice.

How dual-factor authentication works:

Dual-factor authentication requires users to provide two forms of identification to access patient data. These forms, or factors, should include a combination of two of the following:

  • Something you know – such as a username and password combination
  • Something you have – such as a mobile device, a soft token, or a hard token
  • Something you are – such as a fingerprint scan

By adding two layers of authentication security, dual-factor authentication helps protect sensitive patient identifiers and patient data by doubling the hacking difficulty for cyber attackers. But, in order to reap the full extent of dual-factor authentication’s benefits, healthcare applications need to be designed to increase convenience for users, not just increase security for IT.

Why healthcare requires a unique approach to IT security:

User-friendly dual-factor authentication is a unique challenge for the healthcare industry because, in order to provide effective patient care, healthcare providers need to be able to access relevant patient data quickly and conveniently. If clinicians cannot remember their complex passwords, or cannot copy their token codes correctly, they lose valuable time which they could spend treating their patients. Other highly-sensitive industries, such as banking, do not require the same user convenience for their authentication methods, because their users do not need to authenticate as often, or as quickly, as healthcare users need to.

How strong authentication technologies can meet healthcare’s special security needs:

In order to maximize the security and minimize the inconvenience of dual-factor authentication, healthcare IT vendors need to design authentication methods to actively complement clinical workflows. The most important clinical workflows that require dual-factor authentication include:

Electronic prescribing of controlled substances (EPCS): due to the powerful nature of controlled substances, the DEA requires multi-factor authentication for EPCS.

Medical device access: many medical devices collect sensitive patient information that healthcare IT leaders are choosing to protect with strong authentication methods.

Remote access to networks and cloud applications: providers often need to access patient data from their home computers or personal devices, requiring special out-of-network authentication measures.

The Imprivata dual-factor authentication solution:

Imprivata Confirm ID™ is the comprehensive identity and multifactor authentication platform for fast, secure authentication workflows across the healthcare enterprise. Imprivata Confirm ID is a single, centralized solution that enables remote and on-premise users to transact with patient health information securely and conveniently. 

  • Hands Free Authentication, a wireless solution that retrieves and verifies a one-time password from an application on a mobile device, even if the device is locked and/or in a user’s pocket
  • Push token notification, a fast, convenient mechanism for enabling user authentication from a mobile device with the simple press of a button
  • Fingerprint biometrics, including options that meet FIPS-201 Personal Identity Verification requirements, which is a DEA requirement for multi-factor authentication for EPCS
  • SMS, which gives users who do not have push token functionality a convenient alternative for authentication for remote access and other workflows
  • Conventional hardware and software tokens
  • Usernames and passwords
  • Proximity cards

To improve your organization’s cybersecurity and increase your clinicians’ productivity with convenient multifactor authentication, request a demo of Imprivata Confirm ID.
 

Featured Resources

 
20 Practical Tips on Single Sign-On
Choosing the right two-factor authentication solution for healthcare

The healthcare industry is facing significant security risks from hackers around the globe, and care providers find themselves in the midst of a cybersecurity war to protect patient health information. Fortunately, strong authentication can help combat the majority of these targeted cybersecurity incidents.

Evaluation Tool for SSO Vendors
Combat phishing attacks and other security threats with strong, two-factor authentication

Phishing and other attacks continue to expose patient records, hospital financial data, and other sensitive information. Implementing strong, two-factor authentication across all healthcare workflows can combat these threats, helping to ensure that only authorized, trusted users can access applications and information.

Evaluation Tool for SSO Vendors
Avoid becoming the catch of the day: Four steps to combat phishing attacks

Phishing has emerged as the top security threat facing healthcare organizations, yet many organizations are not prepared to defend against these attacks. This whitepaper outlines four steps that you can take to help safeguard your environment against phishing attacks.

Request a Demo
Request a Demo

Request a demonstration and learn more.