The Importance of Multi-factor Authentication for Payers

Cybercrime has no boundaries, and cybercriminals are always coming up with new methods to gain access to Personally Identifiable Information (PII) and use it for monetary benefit.

Large companies are not immune. Between 2013 and 2016, over 3 million user accounts at Yahoo! were exposed. In January 2021, over 60,000 companies worldwide were affected by a cyberattack on Microsoft. According to Fortified Health Security's report, in the first half of 2022, more than 19 million records were implicated in healthcare data breaches. It's never been more critical for companies of all types to incorporate measures to manage cybersecurity vulnerabilities to safeguard their customers' personal information. Healthcare payers have even more pressure to secure PII with stringent security measures. Multi-factor authentication (MFA) is a good weapon to use to protect payers and providers against the threat of cybercrime.

The average US data breach costs $4.24 million. (IBM 2021 Cost of a Data Breach Report)

What is Multi-Factor Authentication?

Multi-factor authentication is a security technology requiring multiple authentication methods from independent categories of credentials to verify a user's identity for a login or other transaction. This layered defense safeguards data stored on a network, database, or account. Sensitive data is protected by additional barriers of authentication, keeping vulnerable data safe.

Public organizations suffer the highest rate of data breaches, with healthcare and finance in second and third. (ENISA Threat Landscape 2020 – Data Breach)

The Benefits of Multi-factor Authentication

Improved security: A single layer of security guarding a point of access, like a password, makes it easier for a hacker to get in. All they have to do is compromise the password, and they have access to sensitive information. Access that requires a second (or even a third) factor of authentication makes it much more difficult for the hacker to get in.

Enabling digital transformation: With more organizations offering digital access to things like member accounts and moving resources to the Cloud, information is just a few clicks away for the savvy cybercriminal looking to gain access to personal information for financial gain. Multi-factor authentication is a powerful weapon for securing digital information and keeping online interactions and transactions secure.

Reduces the risk from compromised passwords: Passwords are the most common form of authentication. However, they are the least secure. It's common to reuse or even share passwords. Password fatigue happens when employees are required to come up with complicated passwords that must be updated on a regular basis. It's tempting to jot down a password on a sticky note placed under the keyboard, where it can easily be stolen, leading to exposure for account holders and system administrators.

A 2021 Verizon Data Breach Investigations Report found that 61 percent of breaches in 2020 were executed using unauthorized credentials.

How Does Multi-factor Authentication Work?

Multi-factor authentication works by requiring additional verification information (factors) to access an account. There are three main types of MFA methods:

1. Knowledge - Something you know, like a password, One Time PIN (OTP), or answer to a security question.

Passwords are typically user created and unique. Tip: Never use the same password for all of your accounts. The longer your password, the better.

OTPs can be both knowledge and possession. For example, you know the OTP and have to have something in your possession to get it, like a smartphone.

92% of people know the risks of reusing passwords across their online accounts, which inherently leads to a higher risk of password theft and credential misuse. Despite this, 65% do it anyway. (LastPass Psychology of Passwords 2021)

Answers to personal security questions. Tip: When setting up personal security questions, don't use true answers to questions that people could figure out. For example, for "What city were you born in?", use a city different from the one you were born in.

2. Possession - Something you have in your possession, like an access badge, USB device, Smart Card, fob, or security keys. An OTP generated by a smartphone app or sent by text or email to a trusted device also falls in this category.

3. Inherence - Something you are, like fingerprints, facial recognition, voice, retina or iris scanning, or other Biometrics.

Multi-Factor Authentication includes using a combination of these elements to authenticate.

Why Multi-factor Authentication is Important for Payers

As part of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule of 1996, sensitive patient health information may not be disclosed without the patient's consent or knowledge. Health plans and healthcare providers are bound by this law. A major goal of the Privacy Rule is to ensure that an individual's health information is adequately protected while allowing the flow of health information needed to provide and promote high-quality healthcare and protect the public's health and well-being. The HIPAA Security Rule protects all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form.

The Act requires covered entities to verify that a person seeking access to electronically protected health information (ePHI) has authorization. Two-factor authentication provides this identification.

Healthcare payers can't afford to leave the security of electronically protected health information at risk. Payspan's Core Payment Network enables secure exchange of remittance information for payers. Download our Core Payment Network eBook for more information on safeguarding individually identifiable health information.
