LexisNexis Risk Solutions announced the results of its online survey, in collaboration with the Information Security Media Group (ISMG), that investigated the cybersecurity trends in healthcare on Thursday.
The results showed that 58 percent of people believe that the cybersecurity of their patient portal is above average compared to others. In addition, 93 percent use their username and password as their patient portal authentication method, and 65 percent report their individual state budgets or patient identity management won’t increase in 2019.
The survey included responses from more than 100 participants from healthcare organizations (HCOs), including hospitals, physician group practices and payers in early 2019. The top three cybersecurity takeaways of the report are as follows:
Traditional authentication methods are insufficient: As a result of many healthcare data breaches, hackers have access to legitimate credentials; users are also easily phished. Therefore, traditional username and password verification are considered an entry point, not a barrier, and alone cannot be relied upon to provide a confident level of security.
Multifactor authentication should be considered a baseline best practice: HCOs should rely on a variety of controls, ranging from knowledge-based questions and verified one-time passwords to device analytics and biometrics to authenticate users based on the riskiness of the transaction. The more risky the access request is, the more stringent the authentication technique should be.
The balance between optimizing the user experience and protecting the data must be achieved in an effective cybersecurity strategy: HCOs need to make it easy for patients and partners to access records while ensuring adequate data protection. To do this, an HCO's cybersecurity strategy should layer low to no-friction identity checks up front, making it easier for the right users to get through and layer more friction-producing identity checks on the back end that only users noted as suspicious would complete.
"There are some surprises in the results, particularly the higher than expected confidence that organizations have in regards to the security of their patient portal and telemedicine platforms given that only 65% deploy multifactor authentication," said Erin Benson, director, market planning, Healthcare, LexisNexis Risk Solutions.
"Multifactor authentication is considered a baseline recommendation by key cybersecurity guidelines. Every access point should have several layers of defense in case one of them doesn't catch an instance of fraud. At the same time, the security framework should have low-friction options up front to maintain ease of access by legitimate users."
About LexisNexis Risk Solutions
LexisNexis Risk Solutions harnesses the power of data and advanced analytics to provide insights that help businesses and governmental entities reduce risk and improve decisions to benefit people around the globe. We provide data and technology solutions for a wide range of industries including insurance, financial services, healthcare and government.