In our recent survey on managing digital identity authentication, executives from provider and payer organizations identified their top three priorities for identity verification and authentication management heading into 2022.
In 2020, 61% of healthcare data breaches were due to external threat actors and 39% were caused by insiders. Payers and providers have indicated that addressing both external and internal threats is among their top 3 priorities for Identity Access Management.
1. Securing Member/Patient Portal Login
Hackers see PII and PHI as very valuable. On the black market, a healthcare record may be valued at up to $250 compared to the next highest value of $5.40. Most patient portals are secured only by a password, which may or may not be “secure.” Weak passwords open the door to account takeovers.
2. Securing Data Access Via Mobile Apps
Apps can be easy to hack. In a recent healthcare app test, 50% had hardcoded API keys and tokens that would enable hackers to attack the APIs. FHIR/SMART standards aren't enough. They are only a part of the security needed to protect mobile apps and the APIs they call when retrieving data and using data resources and other applications.
3. Securing Employee System Access
Since the pandemic, more healthcare services have shifted to remote service, with employees accessing HIPAA-protected data and company networks over unsecured Wi-Fi, clicking on compromised links, and so on, all of which leave healthcare systems vulnerable to cyber fraud. 18M patient records were impacted by ransomware attacks in 2020, a 470% increase from 2019.
Effective Digital Identity Management Is Crucial
Building an adequate security strategy to protect patient data and internal systems from bad actors is a growing challenge for healthcare leaders, but the risk of not doing so is costly. The average healthcare data breach now costs $4.24M per incident, according to the 2021 Cost of a Data Breach Report.
A multi-factor approach to cybersecurity can address evolving security vulnerabilities. An effective solution combines verification and authentication measures such as device authentication, identity proofing/authentication, and phone and email verification. Putting up the right defenses will protect private member/patient data and internal systems from cyberattacks before and as they are happening.
To learn how other healthcare organizations are combating cyberattacks, read our full digital identity study.