SSI serves security installing contractors providing systems and services; surveillance, access control, biometrics, fire alarm and home control/automation. Coverage in commercial and residential product applications, designs, techniques, operations.
Issue link: https://securitysales.epubxp.com/i/166764
ACCESS CONTROL TECHNOLOGY WHY BIOMETRICS IS GOOD FOR EVERYONE'S HEALTH Few industries have a more mission-critical need to secure both facilities than health care, nor face such intense compliance requirements. No wonder many security integrators are fnding this sector to be a growth area for their businesses. Get a frmer handle on this market and why biometrics is so applicable. By Greg Sarrail T he authentication model adopted by many health-care institutions is dated and vulnerable and violates the promise of trust that these institutions provide to their patients. Access to health information linked to the authorized individual and biometric authentication may be the best answer. Tis convenient authentication technology could mean those responsible for securing electronic health records (EHR) are about to see the last of passwords and proximity cards. After all, the health-care industry has seen more than its fair share of change. Less than a decade ago, virtually all patient information resided in paper charts stored in a records room. Patients (and, at times, even their caregivers) rarely had access to these records and records were difcult to transfer from one facility to another. Today, thanks to regulations and the rapid advance in digital technologies, the adoption rate of EHR has risen dramatically. Tis shift during the past fve years has created tremendous pressure to ensure that patient data is readily accessible anytime and from any location within the hospital. Unfortunately, ready access to data has outpaced secure methods to protect access to the data. Tese methods, such as username/password pairs or even proximity cards, are antiquated, overly complex to administer and lack a sufcient security model to protect sensitive and confdential patient data. And let's face it: these solutions were never designed to meet today's security needs and threats. Understanding this environment and its evolving needs is vital for security systems integrators pursuing health-care clientele. Savvy providers can extend themselves beyond the precepts of traditional physical security to incorporate logical and cyber aspects, thereby becoming a total solutions 128 / SECURITYSALES.COM / SEPTEMBER 2013 partner and enjoying the fnancial perks that entails. As we'll see, biometrics in particular fgures to play an ever-increasing role in securing the physical and logical assets of healthcare organizations. THE NEED FOR 2-FACTOR AUTHENTICATION The accelerated use of electronic data for health records, prescriptions, drug interaction checks, clinical decision support and myriad other systems has created a new problem: the need to validate the identity of the person who is requesting access with the right level of assurance at all points of access. Enterprise single sign-on systems and EHR suite vendors have improved clinician workfow by binding disparate username and password systems to a single log-on event using one username and password. However, everyone knows the username/password model is not secure. From Bill Gates' proclamation in 2004 that the password would soon meet its death to the constant barrage of password-related security breaches at top companies such as LinkedIn and Yahoo! to examples of remote breaches, such as in the state of Utah, where the health-care information of more than 780,000 Medicare patients was accessed through the use of hacked username and passwords, it's astonishing and frightening to think of the modern systems that still rely on this archaic technology. In fact, studies have shown that the health-care market suffers from abnormally high breaches and associated costs. Te majority of attackers gain initial access by exploiting guessable passwords or through brute force "dictionary" attacks. If the username/password model is insufcient for today's threats and single sign-on systems tie multiple passwords to a single identity, haven't the risks grown exponentially? To minimize this risk, two-factor authentication has be-