In the digital era, the term “data breach” has become something all businesses fear. Cyberattacks have become so frequent that it is no longer a matter of if an organisation will get hit, today it is only a matter of when.
As a result, cybercrime has reached the top of almost every risk register and cyber defences have become a priority for all.
Cybercrime has grown into one of the world’s largest economies netting criminals billions every year, and while attackers’ arsenals get more diverse every day, when it comes to breaching organisations, criminals still prefer to ‘get in the old fashioned way’ through the use of stolen passwords and user credentials.
The reasons behind this are simple, passwords are the oldest, yet most flawed, authentication mechanism.
Employees simply have too many to remember, so they adopt poor practices such as writing them down, using the same password across multiple accounts or using easy to guess passwords which can be brute forced out of businesses.
Cybercriminals also understand that one set of valid credentials can be enough the secure access to an organisation’s crown jewels to perform a successful attack.
Healthcare under increased attack
When it comes to breach targets, criminals prefer data rich organisations that hold swathes of Personally Identifiable Information (PII) and financial information that can be easily monetised. As a result of this, healthcare organisations are often seen as the jackpot for attackers.
According to data from the Verizon Data Breach Investigations Report (DBIR), of the 5,212 confirmed data breaches studied in the report, 571 occurred in the healthcare sector.
The report also confirmed over 40 per cent of attacks on organisations in the last year were caused by stolen credentials.
These findings confirm the heightened risk healthcare organisations are under and the key role credentials play in executing attacks.
As a result of this increased threat, it is not surprising that one of the UK’s leading healthcare providers, London Central and West (LCW), has recently taken action to improve the defences of its employee credentials against cyber theft.
London Central and West (LCW) is a leading provider of out-of-hours healthcare that operates the NHS 111 service and caters for over 4.6 million citizens across Northwest and North Central London.
Not only did LCW want to improve the security of its clinicians’ user credentials, it also wanted to make it more efficient for clinicians to access medical systems, without having to use multiple logins.
Liam Mahon
Because LCW runs an out-of-hours service, many of its GPs work in different practices during the day, but this means they have to remember multiple logins, which can cause delays in accessing patient data and providing care.
As part of a user credential overhaul, LCW was keen to not only improve the security of its workforce against breaches and credential theft, but also to make it more efficient for them to access patient records.
When assessing the cybersecurity market, LCW saw the benefits offered by passwordless security, which could improve cyber defences and also improve access efficiency.
Passwordless security removes passwords from the hands of users, giving organisations control over employee access.
The authentication method integrates with organisations’ cloud applications offering seamless access to critical applications without the need for multiple logins, and because there are no passwords they can’t be stolen or phished for.
When assessing passwordless security providers, LCW adopted My1Login’s Identity and Access Management (IAM) solution, which has integrated with their existing initial computer login and removed the need for clinicians to manage any additional application passwords, enabling the transition to a passwordless environment.
This means clinicians only need to sign into their computer once to get access to all the information they require to provide critical patient care.
The solution enables LCW to mitigate password-related cyber security risks, control user identities and help meet critical compliance obligations.
Unlike other IAM solutions, My1Login’s customer data is all encrypted client-side, ensuring encryption keys remain securely within LCW’s network perimeter meaning only they have access to their data, thus adding an additional security layer to protect their user identities.
There is no denying that healthcare providers are under increased threat from cybercrime, and with user credentials holding the keys to the digital healthcare kingdom, the need to prioritise their security has never been greater.
LCW has taken steps to reduce this risk through the deployment of My1Login’s IAM solution, thus improving security and enabling the healthcare provider to offer more efficient and faster care to patients.
