Why Healthcare Workers Are Prime Targets for Cyberattacks

Healthcare workers are, unfortunately, a favorite target for malicious actors for a few reasons. First, healthcare data is incredibly valuable; it contains personal health information and financial details that can be sold on the black market. Second, the fast-paced nature of healthcare environments can lead to employees being more susceptible to phishing attempts.

What Can We Do About It?

The good news is that you don’t have to choose between frustrating your staff and leaving the door open to hackers. Here are some key considerations for fighting MFA fatigue.

Get smarter with risk-based authentication. Not every login needs MFA. Adapt your process to risk level. Low-risk actions shouldn’t need them, saving your staff hassle.

Underscore the need for education. People are your first line of defense. Teach your staff the value of MFA, how to identify suspicious requests (even when they just want to make the alerts stop) and why healthcare is such a tempting target for cyberattacks.

Consider FIDO2. Look into advanced standards, such as FIDO2, that use security keys or built-in biometrics. These are harder to fake and less annoying for users.


DISCOVER: Simplify identity and access management with expert guidance.

Rethink push notifications. They’re the simplest to set up but the easiest to abuse. Explore alternatives, such as one-time codes or hardware tokens.

Have a plan for when attacks happen. Train staff on how to report attacks related to MFA fatigue. Swift action can drastically limit the damage.

Offer clear explanations. Give context with MFA requests, such as device or location. A little information helps people make better decisions.

Don’t MFA them into oblivion. Adapt the frequency of prompts based on user history to limit unnecessary ones.

Combatting MFA Fatigue Is Not Just About the Tech

Ultimately, it’s a balancing act. MFA fatigue highlights the fact that good cybersecurity isn’t just technical; it’s about making security work with your staff, not against them.

Source link