Cyber Resilience & Biometric Efficacies in the Healthcare Environment.
You’ve likely noticed a new purchasing device in your supermarket or favorite restaurant. All you need is your hand and just like that, you’ve paid for groceries. The palm scanner is just one example of cutting-edge biometric technology being utilized in the healthcare industry and many others. Biometric authentication verifies a person’s identity, analyzing biological data based on their unique physical characteristics. The unique advantage that biometrics have over other methods of identification is acquiring sensitive information using something, like a fingerprint, that can’t be lost, easily stolen, or shared. Across the United States, over 10 types of methods are in practice and gaining traction in healthcare.
The Future Is Now.
As the world continues to advance the powerful modes of technology, more conversations surrounding the latest trends in healthcare continue to circulate throughout the industry—and with good reason. Incorporating biometric systems into clinics, hospitals and other healthcare facilities impacts almost every area within them, including patient/administration communications, external and internal management systems and operations, liability, and expenses.
There’s no question about healthcare organizations’ increased reliance on digital technology to store and manage patient information. Biometric data is no different. While efficient, it has also made information an even greater target for unrelenting hackers. With unclear procedures and regulations, this leaves many businesses unclear on how to best prepare for and mitigate these types of risks.
Biometrics Raise Issues of Privacy
1. In what ways do biometrics influence patient data vulnerability?
2. How can I find real business analytics from my own business or other businesses testing biometric technology?
3. How sensitive does my organization need to be to cyber risks?
How will biometrics start to impact you?
You might be asking: Is biotechnology worth the risk for my business right now? Generally, we think it’s good to consider, but it ultimately depends on whom you rely on to provide the technology, the types of technologies and the insurance services you go through.
Biometric Technology and Cyber Security: How do they affect one another?
Cyber security and biometric data are intrinsically related. Though two distinct factions, how they relate to each other is of key interest. To provide any valuable insights as to how they correlate and affect one another, it’s imperative to look at the whole picture first.
Patient Security
Since the introduction of biometric authentication and behavioral biometrics, evidence shows these systems create a more secure environment for patients and staff. By verifying the identity of healthcare providers, staff and patients, biometrics can prevent unauthorized access to patient data and medical supplies, thus reducing the risk of digital and physical theft and fraud.
Cyberattacks can also have a direct impact on patient safety. If a healthcare organization’s systems are compromised, patient information may be used, altered or deleted, leading to incorrect diagnoses, treatments, data loss, insurance fraud and identity theft. In addition, hackers may be able to access medical devices and cause them to malfunction.
Improved Patient Identification
One of the primary uses of biometric systems in healthcare is patient identification. Biometric authentication can quickly and most accurately identify and record patients efficiently and effectively through:
– Streamlined administrative tasks and processes
– Improved security
– Reduced risk of medical errors
– Reduced need for carrying identification cards
– Reduced need to remember passwords
– Offering a way to provide vital patient information in emergencies who are unable to identify themselves or provide medical history
– Cleaner master patient indexes
– Fewer duplicate health records
– Reduced risk of treating the wrong patient
– Better servicing people with special needs (disabilities/inabilities)
Facing the Future: A Biometric Tech Boom?
Know the advantages, challenges and ethical implications of biometrics to make conscious business decisions.
The Rise of Biometrics
Remember 2020? With restricted face-to-face contact, overfilled hospitals, and a need for easily accessible data, the COVID-19 pandemic became a big catalyst for integrating biometric technology. Since then many facilities have added biometrics; however, it’s not fully established in healthcare just yet.
What’s Happening Now
We’re on the precipice of change, and for the better. Privacy is a risk of biometric technology that is evolving along with biometric laws. Even with some kinks to iron out, modern technology WILL continue to grow; it’s just a matter of WHEN it will become the standard/norm. Though biometrics are “relatively” new, we already know a great deal of important information about their effectiveness. Even with conclusive evidence of biometric security, there are so many other facets to consider. For example, biometric bias is still being studied.
Established biometrics like fingerprint and facial recognition are low-tech, low-cost and easy to integrate. The palm vein scanner, followed by the iris, are both nontraditional forms of biometric practices that show the safest, most accurate data. Although more costly upfront, they are both extremely practical and hygienic tools. Showing the most promise, the palm vein has the lowest False Acceptance Rate (FAR) and False Rejection Rate (FRR) of any other biometric. Additionally, the consent-based design makes it more straightforward to avoid legal issues and gain compliance with privacy regulations.
Current Regulations
So far seven states have carried out specialized biometric legislation related to consumer data privacy and security. “Since the start of the 2023 legislative session, at least 15 biometric privacy law proposals have emerged across 11 states,” the WilmerHale company remarks.1 Legislators and businesses are also acknowledging the Illinois-implemented Biometric Information Privacy Act (BIPA) and European Union’s General Data Protection Regulation (GDPR).
Biometrics fall under Protected Health Information (PHI). Monitor these for compliance with emerging privacy laws:
– The Health Insurance Portability and Accountability Act (HIPAA)
– The Health Information Technology for Economic Clinical Health Act (HITECH)
What The Future Holds
Biometric practices will be more palatable as time progresses. When biometrics hit the mainstream, even more opportunities for enhanced cyber security will arise with additional artificial intelligence, blockchain technology and telehealth assistance.
“Society is moving towards mobility in every capacity, making healthcare more widely accessible—and that’s a very good thing,” states Emily Lowe, Napa River Cyber Leader. In turn, costs for these high-tech solutions will decrease with more defining laws set in place.
Greatest Risks.
Privacy is the top concern. It’s no surprise cyber attacks remain the top threat, with the cost of breaching reaching $10.10 million in 2022. Mainly ransomware attacks, other attacks include data breaches, third-party vendor risks, insider threats and regulatory non-compliance. A 2022 report by IBM states “Healthcare breach costs have been the most expensive industry for 12 years running, increasing by 41.6% since the 2020 report.”2
To put into even greater perspective, ECRI’s 2023 hazards list reports the #1 greatest threat is: recalls for at-home medical devices. In comparison, cybersecurity risks associated with cloud-based clinical systems are listed at #5.3 Additional stats show this year’s most common threats include phishing, ransomware attacks, data breaches and Distributed Denial-of-Service (DDoS) attacks.
What You Can Do To Stay Secure.
Here are a few simple internal actions to better protect your business:
– Implement strong passwords and access controls
– Regularly back up data
– Offer training to employees
– Increase visibility
– Improve third-party security
– Implement multi-factor authentication
– Hide biometric data via tokenization
– Keep your software updated
Moving into biometric tech while avoiding risks.
Is privacy getting harder to protect? It’s a cat-and-mouse game really. Technology is an extremely powerful security tool. Smart technologies make it more and more difficult for a successful attack, but they are not without their weaknesses. Privacy is a matter of shared responsibility. No matter the forces we build to protect elements of value, nothing will ever be 100% secure.
Biometrics eliminates a lot of threats but currently not without causing more distress in understanding the nuances of biometric and cyber security legalities. Mainstreaming biometrics will continue to place clearer regulations and practices into effect. For inquiries on how we can support you, email our Director, Sue Shields at sshields@napariverinsurance.com.
MOVE FORWARD FEARLESSLY.
Move Forward Fearlessly with a plan in place. We’ve got your back.
Risk is a reality. Prepare for, respond to and recover from risk to keep your organization operating effectively. We understand the range of threats you may face. Our experts offer tailored claims and risk management solutions, supporting you when and how you need it.
Napa River Insurance Services, Inc.
A Third-Party Administrator
866.407.7060 | https://www.napariverinsurance.com/contact/
1 Nahra, Kirk J, et al. “Biometric Privacy Law Update.” WilmerHale, 24 Feb. 2023, www.wilmerhale.com/insights/client-alerts/20230224-biometric-privacy-law-update.
2 Cost of Data Breach in 2022, https://www.ibm.com/reports/data-breach.
3 “Top 10 Health Technology Hazards for 2023 Executive Brief.” ECRI, www.ecri.org/top-10-health-technology-hazards-2023-executive-brief. Accessed 12 June 2023.