Protecting Critical Healthcare Data Requires Strong Leadership
Author: Nok Nok News
Published: 28 May 2025
Healthcare remains a high-value target for hackers. According to the Department of Health and Human Services Office of Civil Rights, the sector faced a surge of breaches in 2024, with 588 reported breaches affecting over 179 million individuals.
Comprehensive healthcare records hold significant value on the dark web, frequently selling for hundreds of dollars, because they can grant access to expensive medical benefits, devices, and services. According to an article written for The National Association of Healthcare Access Management titled The Value of Personal Medical Information: Protecting against Data Breaches by Laurie Zabel, “Personal medical data is said to be more than ten times as valuable as credit card information. PHI has such a high value because it contains highly sensitive information, such as social security numbers, birth dates, addresses, credit card numbers, telephone numbers and medical conditions.”
Challenges and Best Practices
Protecting personal health data is challenging because the industry is dispersed, ranging from large insurance companies, hospitals and healthcare networks all the way down to small doctors' offices. The value of health data means it will continue to be a prime target for hackers, and we should expect even more attacks in 2025.
Consistent best practices and improved regulatory requirements are needed to solve the increasing rate of attacks. The comment period closed last month for HIPAA’s Notice of Proposed Rulemaking to strengthen cybersecurity protections for electronic protected health information (ePHI). The update proposes a number of policy updates, including requiring encryption at rest and in transit, the deployment of anti-malware protection, and the use of multi-factor authentication. This effort is an important step in improving the cybersecurity posture of covered health care entities. A number of bills were also introduced last year in Congress, including the Health Care Cybersecurity and Resiliency Act of 2024, by the current Chairman of the Senate Health, Education, Labor and Pension Committee Bill Cassidy (R-LA).
Upcoming Legislation
The legislation has a number of important cybersecurity updates addressing the cyber workforce and rural communities, and it includes potential grant funding to enhance cybersecurity in health care entities. A key policy focus in the bill is to require the Secretary of HHS to update required security standards for covered entities and business associates, including the adoption of multi-factor authentication or successor technologies. This is an important step, but it would be even better if this legislation and the proposed HIPAA security update went further and followed NIST guidance in SP 800-63 and OMB M22-09 to move to passwordless authentication. This would substantially increase the protection of health records and further reduce the risk of successful attacks like phishing. To date, this legislation has not been introduced in the current Congress. We will have to wait for the next steps in the regulatory process for HIPAA cybersecurity protection.
The threat to healthcare records and systems is ongoing, making it crucial to focus on protecting healthcare data and enhancing the overall cybersecurity of the healthcare system. We are at a critical juncture, and prioritizing this issue within the Administration and Congress is essential.
Nok Nok Protecting Critical Healthcare Data
Nok Nok is a founding member of the FIDO Alliance and a global leader in passwordless authentication, making it easy for organizations to protect data and move away from passwords, adopting safer, faster ways for users to log in.
The Nok Nok platform helps organizations manage the complexity of deploying passkeys (modern, passwordless credentials) across all devices and platforms. This means users can log in with biometrics or use device-based authentication, eliminating passwords. Nok Nok’s future-proof platform is purpose-built to support everything from mobile banking, healthcare systems and government agencies to IoT devices and beyond.
Key Benefits of Nok Nok:
- Passwordless Authentication: Replace passwords with passkeys and biometrics, making logins safer and easier for everyone.
- Frictionless User Experience: Users enjoy faster sign-up and sign-in, with success rates as high as 99.5% and sign-in speeds up to twice as fast as traditional methods.
- Integration: Nok Nok’s robust SDK and APIs integrate into any app or service, ensuring compatibility within even the most complex environments.
- Industry Certifications: Nok Nok helps organizations meet strict industry standards, including FIDO, FedRAMP High, DoD Impact Level 5 (IL5) and more.
- Global Scale: Trusted by banks, telecoms, and enterprises worldwide, Nok Nok delivers proven, scalable authentication for millions of users.