In a 2013 HIMSS global security survey of 674 frontline healthcare workers (Workarounds in Healthcare, a Risky Trend), too many layers of login was cited by 36 percent as a key driver compelling the use of risky workarounds, which are out of compliance with policy, to get their jobs done. An example of a workaround could be a file transfer app on a personal device used to transfer sensitive healthcare data unencrypted.
Single Sign-On (SSO) is a natural solution to this, reducing the total number of logins required for healthcare workers to do their job “the right way,” in compliance with policy, avoiding compelling them to resort to risky workarounds. However, as more healthcare systems are integrated behind a single sign-on solution, the risk and specifically the business impact of a compromised set of credentials increases. For this reason single-sign on is often combined with stronger multi-factor authentication.
A key take-away from the HIMSS survey is that usability is more than a “nice to have,” directly impacting non-compliance and risk. BYOD, social media, apps and other trends are empowering healthcare workers with more tools than ever before, and this research shows that if IT departments, solutions or security gets in the way, healthcare workers can and do use workarounds to get their job done.
Usability issues with multi-factor authentication, and specifically separate hardware tokens are well known. People lose them, break them, don’t like them (especially if they need multiple of them), and separate hardware tokens are often associated with increased TCO (Total Cost of Ownership) due to support and provisioning costs. Intel® Identity Protection Technology provides a strong 2-factor authentication solution without a separate hardware token, thereby avoiding the usability, support and TCO issues with separate hardware tokens.
The “what you have” in this case is the Intel® IPT capable mobile device that gets provisioned by the healthcare worker as a secure terminal for accessing healthcare solutions and sensitive patient information. Here’s how this works: in the event that the healthcare worker’s username/password credentials are compromised, and an impersonator tries to use these stolen or lost credentials to access the healthcare solution, the login will fail and they will be blocked since they don’t have the Intel® IPT capable mobile device that was previously provisioned by the healthcare worker as a secure terminal.
Combining SSO with Intel® IPT combines both the usability benefits of a reduced number of logins, as well as the usability benefits of a multi-factor solution that does not require a separate hardware token, for a stronger and more usable healthcare security solution.
What issues are you seeing with too many layers of login in your healthcare organization, and are you looking at single sign on solutions with multi-factor authentication?