Goodbye, Data Breaches. Hello, MFA.

Multi-factor authentication (MFA) has quickly become a part of everyday life — and with good reason! Despite the risks inherent in reusing passwords, most people admit to doing it. (And hackers love it!) MFA boosts security by adding a second authentication step. For example, your bank may ask for a second verification when you log in from a new device; new phone apps downloaded may require you to confirm a code sent by text after registration.

Steep Investments, High Stakes

In the healthcare industry, MFA is used to protect sensitive data information from fraudulent or unauthorized access. Advanced healthcare MFA solutions can seem costly, but data breaches are much costlier, both in terms of reputation and monetary impact. Take, for example, the case of an important hospital in the Netherlands, which was fined €460,000 for privacy breaches, when it was revealed that dozens of unauthorized staff members had accessed the medical records of a hospitalized TV reality star. In this case, the hospital was found to be in violation of the General Data Protection Regulation (GDPR), due to its failure to implement MFA and to routinely check access logs for unauthorized access to files.

Such cases show just how essential it is ­­— in the interest of patients and institutions alike ­­— to implement a complete user authentication solution (with strong identity authentication and verification) to avoid security breaches and ensure maximum confidentiality. Robust solutions for the healthcare industry need to provide several key features:

• Logical access protection solutions based on RFID readers and modules, smart cards, tokens and mobile apps — Doctors and nurses should be able to activate each session during which they will access data, using a simple, secure means
• Confidential registration of medicines, inventories and deliveries — Registration and tracking must be possible without unauthorized access to this data
• Tracking of visits for doctors (tracking sessions) — As you may recall from the cautionary tale of the Dutch hospital, healthcare institutions must have reliable means of tracking sessions and routinely reviewing access logs
• Tracking the use of equipment — RFID reader modules make it possible to track clinicians and patients using hospital equipment, such as dialysis machines

How Do We Get There?

HID offers numerous solutions to satisfy these stringent requirements. In fact, the fined hospital mentioned above chose to implement OMNIKEY® desktop readers and embedded modules to prevent future security breaches. OMNIKEY readers for MFA provide the authentication needed to ensure compliant tracking and security. Some options include:

• OMNIKEY 5022 — contactless high frequency smart card reader
• OMNIKEY 5422 — combining contact and contactless technology
• OMNIKEY 5427CK — used for hospitals who already have DESFire EV1/EV2/EV3 credentials

For more information or for help choosing the right option for you, please visit our healthcare showcase.

Christian is Director of Product & Program Management and responsible for the Embedded and Desktop RFID portfolio for the Extended Access Technologies Business Area, including iCLASS SE® Reader Module and OMNIKEY. He has two degrees in electrical engineering and business administration and more than ten years of experience in product management for different industries.