The authentication model adopted by many healthcare institutions is dated and vulnerable and violates the promise of trust that these institutions provide to their patients. Access to health information linked to the authorized individual and biometric authentication may be the best answer. This convenient authentication technology could mean those responsible for securing electronic health records (EHR) are about to see the last of passwords and proximity cards.
After all, the healthcare industry has seen more than its fair share of change. Less than a decade ago, virtually all patient information resided in paper charts stored in a records room. Patients (and, at times, even their caregivers) rarely had access to these records, and records were difficult to transfer from one facility to another. Today, thanks to regulations and the rapid advance in digital technologies, the adoption rate of EHR has risen dramatically. This shift during the past five years has created tremendous pressure to ensure that patient data is readily accessible anytime and from any location within the hospital.
Unfortunately, ready access to data has outpaced secure methods to protect access to the data. These methods, such as username/password pairs or even proximity cards, are antiquated, overly complex to administer and lack a sufficient security model to protect sensitive and confidential patient data. And let’s face it: these solutions were never designed to meet today’s security needs and threats.
Biometrics figures to play an ever-increasing role in securing the physical and logical assets of healthcare organizations.
Hospitals Need 2-Factor Authentication
The accelerated use of electronic data for health records, prescriptions, drug interaction checks, clinical decision support and myriad other systems has created a new problem: the need to validate the identity of the person who is requesting access with the right level of assurance at all points of access. Enterprise single sign-on systems and EHR suite vendors have improved clinician workflow by binding disparate username and password systems to a single log-on event using one username and password.
However, everyone knows the username/password model is not secure. From Bill Gates’ proclamation in 2004 that the password would soon meet its death to the constant barrage of password-related security breaches at top companies such as LinkedIn and Yahoo! to examples of remote breaches, such as in the state of Utah, where the healthcare information of more than 780,000 Medicare patients was accessed through the use of hacked usernames and passwords, it’s astonishing and frightening to think of the modern systems that still rely on this archaic technology.
In fact, studies have shown that the healthcare market suffers from abnormally high breaches and associated costs. The majority of attackers gain initial access by exploiting guessable passwords or through brute force “dictionary” attacks. If the username/password model is insufficient for today’s threats and single sign-on systems tie multiple passwords to a single identity, haven’t the risks grown exponentially?
To minimize this risk, two-factor authentication has become a necessity and is now generally being adopted. Two-factor authentication is the combination of two out of the three possible methods (something you know, something you have and something you are). One basic example is ATM access that requires a card (something you have) and a PIN (something you know).
Within the healthcare provider setting, the two authentication factors most commonly used to secure data are the proximity card that the clinician already uses to access the facility and a PIN or password. To logon, all the clinician needs to do is tap a card and type a PIN. The problems mentioned above seem to be solved: the reliance on a username/password pair is diminished, information is accessible, workflow is enhanced and a record is created that links the authentication request to the access of the data.
But what sacrifices have been made to make access to data this simple? Has security been sacrificed to ensure rapid clinician adoption? Unfortunately, using a prox card plus a password is not as secure as people may hope.
Why Prox Cards Can Be Problematic
Authentication with an RFID proximity card and a password is better than a username and password, but it is far from secure. Prox cards have been in use for more than 30 years for physical access control and are now used to authenticate to networks and single sign-on systems. That technology was simply extended for the new use case. But is it really the best choice for logical access control in health-care settings?
Proximity cards use a static number (known as a card serial number, or CSN) sent over the air, unencrypted, to a reader. This number is correlated to a user’s identity. In other words, the static CSN acts as a username and, with the password or PIN, the two are used to unlock a user’s desktop or single sign-on session. In combination with a static CSN, newer RFID contactless cards offer the capability to write and store data on a card, encrypt data at rest and in transit, and securely exchange this data.
