GlobalSign Blog

How to Make Multi-Factor Authentication Simple and Secure in the Health Services Industry


Two-factor authentication (2FA), also known as multi-factor authentication (MFA), is simple enough for companies to implement. However, this small measure can greatly increase the security of your organization and discourage cyber attacks overall.

The healthcare industry in particular, a sector that deals with large databases of sensitive medical data, should embrace two- and multi-factor identification to protect clients, patients, vendors and employees alike.

A recent study by Microsoft has revealed that two-factor authentication has a 99.9% success rate in blocking automated cyber attacks, the most commonly seen type of attack. Unfortunately, only 11% of organizations actually use MFA.

After all, as the saying goes, an ounce of prevention is worth a pound of cure.

In this article, we will discuss why two-factor authentication has such a high success rate in protecting organizations from cyber criminals. We’ll also talk about how you can safely and securely deploy a two-factor authentication system within your own healthcare organization.

The healthcare industry and data

Cyber crime incidents within the healthcare industry are on the rise. According to Health IT Security, the healthcare industry accounts for 79% of all reported data breaches resulting from hacking, and attacks against health care providers and organizations are up 45% overall.

Part of this increase is due to the coronavirus pandemic. Cyber criminals and opportunists recognize a good opportunity when they see one, and swiftly move to capitalize on people’s fears by sending phishing emails - or fake emails with links ridden with viruses - to as many email accounts as possible.

“A cross-site request forgery attack occurs when a victim makes a request that leverages their willing authorization or authentication keys,” according to cybersecurity expert Mark Preston of Cloud Defense. “The attacker in question can then masquerade as the user and gain access to sensitive information.”

It may seem hard to believe that individuals so often compromise their authorization or authentication to their healthcare accounts. However, fear can make patients more likely to give in to requests for their login information, especially when it is seemingly coming from a trusted source like a healthcare provider.

Adding to the severity of the threat, recent moves in the Department of Health and Human Services are making it a goal to consolidate data to enhance health organizations and their ability to work with each other, share data, and conduct contact tracing. Building a larger and easier-to-use database is ideal for any modern society, but it also increases surface area for hackers to play with.

Two-factor authentication makes attacks against healthcare organizations much harder to achieve because a hacker must have access to the password as well as a special code or symbol that is sent to the user’s phone in order to access the account. This type of enhanced cybersecurity can be crucial for industries that deal with confidential data, especially given the current environment that has led to a dramatic increase in healthcare hacking incidents.

The benefits of two-factor authentication

The key benefit of two-factor verification can be found within the term itself: access to an account is dependent on two variables, which is akin to needing two keys to enter a home. Thus, the security is twice as strong.

Two-factor authentication is intentionally designed to lower the risk of compromised credentials. Actually, the process is quite simple in theory. Most people already use this type of security measure in some way or another.

For example, when a debit card is swiped at the ATM, the user then enters a PIN for a second step of identity verification. Another common practice is seen when a user logs into a website with their password but must verify a numeric code sent to their mobile device to get into their account.

Typically, the credentials involved in two-factor authentication are:

  • Something you know (like a password, answers to security questions, or PIN)
  • Something you have (like a smart card or token)
  • Something you are (like your biometrics, such as fingerprints or facial scans)

Deploying two-factor authentication made simple

Two-factor authentication improves security and workflow, but it has a perception of being cumbersome or time-consuming, which is not always the case. This method of protecting users should never be frustrating, impede workflow or create barriers to excellent patient care.

An embedded authentication workflow is ideal for a healthcare setting, meaning that once access is gained into a system, passwords and codes don’t have to be deployed again for different tasks. Of course, after a certain set time period, users should be automatically logged out and have to sign in again.
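The flow described above (a password, then a code sent to the user's phone, then a session that needs no further prompts until it times out) can be sketched as follows. This is an added example, not code from the article; the class name, the `send_code` delivery callback and the three timing and attempt constants are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

CODE_TTL = 300       # assumed: seconds a texted code stays valid
IDLE_TIMEOUT = 900   # assumed: seconds of inactivity before forced re-login
MAX_ATTEMPTS = 3     # assumed: wrong codes allowed before the code is revoked

class TwoFactorLogin:
    def __init__(self, send_code):
        self.send_code = send_code  # hypothetical callback(user, code), e.g. SMS
        # user -> (salt, hash); user -> [code, expiry, tries]; token -> [user, last_seen]
        self.users, self.pending, self.sessions = {}, {}, {}

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, self._hash(password, salt))

    def start_login(self, user, password, now):  # factor 1: something you know
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = [code, now + CODE_TTL, MAX_ATTEMPTS]
        self.send_code(user, code)               # factor 2 goes to the phone
        return True

    def finish_login(self, user, code, now):     # factor 2: something you have
        entry = self.pending.get(user)
        if entry is None or now > entry[1]:      # no code issued, or it expired
            self.pending.pop(user, None)
            return None
        if not hmac.compare_digest(code.encode(), entry[0].encode()):
            entry[2] -= 1
            if entry[2] == 0:                    # too many guesses: revoke code
                del self.pending[user]
            return None
        del self.pending[user]                   # codes are single use
        token = secrets.token_urlsafe(32)
        self.sessions[token] = [user, now]
        return token

    def authorize(self, token, now):             # later tasks: no re-prompt
        s = self.sessions.get(token)
        if s is None or now - s[1] > IDLE_TIMEOUT:
            self.sessions.pop(token, None)       # idle too long: sign in again
            return None
        s[1] = now                               # activity resets the idle timer
        return s[0]
```

Time is passed in as `now` (seconds) so the expiry and idle-timeout behaviour can be exercised without waiting; a deployment would use a clock and persistent storage instead of in-memory dictionaries.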

All cybersecurity measures must be compliant with the highest standards of regulating care, such as the DEA requirements for electronic prescriptions for controlled medications. That being said, a two-factor authentication system should be built specifically for the healthcare sector and its unique workflow requirements.

IT professionals must be able to communicate clearly the ever-lurking dangers of cyber crime accompanied by relevant statistics. Education and cybersecurity awareness among employees, after all, is one of the strongest preventative measures an organization can take against hacking. When employees and patients understand the risk, they are more likely to take personal responsibility to mitigate it.

Patients, doctors and employees must understand the current prevalence of cyber crimes and data breaches. They should understand the part they play in the likelihood of future increases in cyber crimes in order to appreciate enhanced cybersecurity measures.

After all, to a person who is unfamiliar with technology, a two-factor authentication measure might seem like an unnecessary hindrance keeping patients from getting the best, most efficient medical care possible.

It’s important that any security measures your organization takes come along with the necessary self-awareness and cybersecurity literacy to empower your employees and patients and keep their data safe.


Building a culture of cybersecurity is the biggest preventative measure you can take to prevent data breaches and cyber attacks. When trying to relay the importance of these cybersecurity measures, it helps to illustrate the numerous recent breaches that have hurt the healthcare sector and the negative impact these incidents have on the employees and patients themselves.

What’s really vital, though, is that the deployment of cybersecurity measures is perceived as a collaboration between IT and staff in order to work together to build a safer and more secure healthcare environment. Taking care of patients and clients comes in many forms, and it is important to remember that the safety of their data and devices is one of them.

Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.
