Healthcare organizations are under more pressure than ever before. Not only are they required to provide adequate care, but they must now meet the increasingly difficult demands of consumers seeking seamless, personalized digital experiences.
Meanwhile, the healthcare industry is facing unrelenting cyberattacks, many powered by emerging technologies – like artificial intelligence (AI) – that have ripple effects on patient care, budgets, and business operations. The 2024 Verizon Data Breach Investigations Report revealed there were 1,378 cyber incidents between November 2022 and October 2023, and of those, 1,220 were data disclosures.
In the last year alone, massive cyberattacks on healthcare organizations significantly impacted much of the nation’s healthcare system. Unfortunately, payers, providers, and even government institutions are still dealing with the aftermath of these cyberattacks. As data exchange continues to grow within the healthcare industry, it’s critical for healthcare leaders to implement strong security measures. As healthcare leaders look to the future of cybersecurity, decentralized identity emerges as a primary technology.
An Industry-Wide Wake Up Call
When it comes to the level of effort required to remediate a data breach, there’s no industry quite like healthcare. The very initiatives intended to improve patient and member experiences have also expanded the breach attack surfaces. According to the US Department of Health & Human Services (HHS) Office for Civil Rights (OCR), cyber incidents in healthcare are on the rise. From 2018 to 2022, there was a whopping 93% increase in large breaches reported.
To further complicate matters, the proliferation of AI across digital channels has brought cybersecurity concerns to the forefront and ushered in a new era of mistrust. Yet, only 27% of healthcare organizations have administered a strategy to protect against AI-based identity threats. Hospitals and other patient-facing organizations must acknowledge that one increasingly vulnerable asset in such attacks is digital identity. Hackers weaponize AI to quickly take over accounts, create detrimental deepfakes, and commit identity theft. AI has allowed threat actors to do more harm with fewer resources on a larger scale, posing serious consequences for the healthcare sector.
With identity fraudsters becoming more sophisticated and aggressive, the stakes simply couldn’t get any higher. In fact, the amount of money lost could potentially be up to $1 billion per day for healthcare organizations.
The consequences of these attacks can be severe. Data shows that, as a result of a recent cyberattack on a healthcare technology vendor, 74% of hospitals involved in the incident reported impacts on direct patient care. When it comes to breaches, it only takes one compromised system to infiltrate an entire healthcare organization’s identity warehouse. Without strong identity security and governance, an attacker can breach one user’s account and move laterally, not just across the hospital system but also its partners’ systems, to find and exploit valuable data. This can have a lasting impact not only on trust but even safety. This is where the concept of decentralized identity comes in.
Decentralized Identity Debrief
Decentralized identity is an approach to identity management that allows users to control their identity information and eliminates the need for users to provide unnecessary amounts of personal information to access a service.
There are three parties involved in the decentralized identity process, and each plays a pivotal role: the issuer, the holder, and the verifier.
- The issuer is the organization, such as a pharmacy or other healthcare provider, that creates a verifiable digital credential.
- The holder is the person, such as a patient, who receives the verifiable credential.
- The verifier checks the credential to ensure it was signed by the issuer’s digital keys.
With decentralized identity, healthcare organizations issue users a verifiable digital credential that is stored in a digital wallet. A digital verifiable credential is secured through encryption and contains information about the issuer, who it was issued to, and specific data attributes that can be attached to that person. Users can then present their credentials to organizations that then verify the information instantly without having to contact the issuer.
In terms of the cybersecurity implications, decentralized identity minimizes the reliance on centralized databases and reduces the amount of sensitive information stored in a single location, thereby reducing the incentive for an attack. Decentralized identity also reduces the possibility of fraud and account takeovers by helping ensure the person behind the credential is who they claim to be. It is changing the entire attack surface by shrinking it altogether.
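The issuer, holder and verifier roles described above, as an added sketch that is not code from the article or from any vendor: the issuer signs salted digests of the attributes, the holder discloses only what a service needs, and the verifier checks everything offline against a pinned issuer public key. The function names, the salted-digest disclosure scheme and the Lamport one-time signature (a standard-library stand-in for a real issuer key such as Ed25519) are assumptions made for illustration.

```python
import hashlib, json, secrets

H = lambda b: hashlib.sha256(b).digest()

# Lamport one-time signature: stdlib-only stand-in (assumption) for the issuer's
# signing key; each key pair may sign ONE credential. Use Ed25519/ECDSA in practice.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify_sig(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def _digest(name, value, salt):
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _body(payload):
    return json.dumps(payload, sort_keys=True).encode()

def issue(sk, issuer, subject, attrs):
    """Issuer: sign salted digests of the attributes rather than raw values."""
    salts = {k: secrets.token_hex(16) for k in attrs}
    payload = {"issuer": issuer, "subject": subject,
               "digests": sorted(_digest(k, v, salts[k]) for k, v in attrs.items())}
    return {"payload": payload, "sig": sign(sk, _body(payload)), "attrs": attrs, "salts": salts}

def present(cred, reveal):
    """Holder: share the signed payload plus only the attributes chosen from the wallet."""
    return {"payload": cred["payload"], "sig": cred["sig"],
            "disclosed": {k: [cred["salts"][k], cred["attrs"][k]] for k in reveal}}

def verify(trusted_issuers, pres):
    """Verifier: offline check against a pinned issuer public key; returns the
    disclosed attributes, or None if the signature or any disclosure fails."""
    pk = trusted_issuers.get(pres["payload"]["issuer"])
    if pk is None or not verify_sig(pk, _body(pres["payload"]), pres["sig"]):
        return None
    claims = {}
    for name, (salt, value) in pres["disclosed"].items():
        if _digest(name, value, salt) not in pres["payload"]["digests"]:
            return None
        claims[name] = value
    return claims
```

The verifier's trust rests entirely on how it obtained the issuer's public key, so that key distribution step is where a deployment needs the most care.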
Today’s Healthcare Organizations Must Prepare for Tomorrow
Adopting a decentralized identity strategy is crucial for healthcare organizations to stay one step ahead of bad actors. Decentralized identity gives consumers the power to manage their personal data. It creates a circle of trust between the consumer and organization that guarantees their authenticity. This is especially important knowing healthcare organizations don’t work in a vacuum. Providers, payers, billing services, regulatory agencies, and consumers and their caregivers are all interconnected. That means, when one system is breached, it has the potential to spiral to other partners and departments.
Healthcare payers and providers are also subject to strict regulations, such as HIPAA and PCI, which makes them more susceptible to, and responsible for, data breaches. By protecting sensitive health data from unauthorized access, healthcare organizations ensure they’re meeting complex regulatory and compliance requirements and avoiding legal issues.
Identity Verification: The Gateway to Better Experiences
The repercussions of healthcare breaches are far-reaching. From financial losses and reputational damage to legal liabilities, it’s time for healthcare organizations to take back control of their security.
Healthcare organizations can stay one step ahead of threat actors by investing in capabilities and products to thwart potential risks. Decentralized identity is one approach these leaders can take to solve today’s identity problems.
My advice is: don’t take shortcuts when it comes to security. Poor digital experiences and overlooking security can prevent you from providing your consumers and partners with the best care. After all, consumers should feel confident that the healthcare organizations they do business with are helping to alleviate problems, not adding to them.

Chris Sault
Chris Sault is U.S. Healthcare Director at Ping Identity