Healthcare Organizations Too Confident in Cybersecurity
According to a survey of 100 healthcare professionals from hospitals to physician group practices, more than half of respondents are highly confident in the cybersecurity of their patient portals.
The State of Patient Identity Management report, published by LexisNexis® Risk Solutions, revealed that healthcare organizations (HCOs) have great confidence in their cybersecurity preparedness. While confidence in their cybersecurity is high, the survey also found that most organizations are only using basic authentication methods despite the growing number of data breaches in which patient identity has been compromised.
The survey found that 93% of HCOs rely on username and password authentication for patient portals, yet only 65% deploy multi-factor authentication. The results continued to dwindle when respondents were asked about addition authentication methods, according to a press release.
Only 39% of HCOs reported using a knowledge-based Q&A for verification and only 38% use email verification. However, as little as 13% deploy device identification.
Respondents are confident in the strength of their cybersecurity, yet 65% reported that their individual state budgets for patient identity management will not increase in 2019, according to the press release.
"There are some surprises in the results, particularly the higher than expected confidence that organizations have in regards to the security of their patient portal and telemedicine platforms given that only 65% deploy multi-factor authentication," said Erin Benson, director of market planning for LexisNexis Health Care.
"Multi-factor authentication is considered a baseline recommendation by key cybersecurity guidelines. Every access point should have several layers of defense in case one of them doesn't catch an instance of fraud. At the same time, the security framework should have low-friction options up front to maintain ease of access by legitimate users."
The report findings suggest that traditional authentication methods are insufficient, multi-factor authentication should be considered a baseline best practice and the balance between optimizing the user experience and protecting the data must be achieved in an effective cybersecurity strategy, the press release said.
Source: Information Security Magazine