Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices -- Security Today

Biometric Identification in Healthcare Doesn’t Replace Data Security Best Practices

While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN).

By Michael Fox
Apr 16, 2019

Cases of mistaken identity can have devastating consequences in healthcare. A newborn could go home with the wrong parents, or a patient might receive the incorrect medication or diagnosis.

Even minor mistakes can have negative outcomes — a doctor’s office that is slow to produce a patient’s files because of a delayed identification process can erode patient confidence, not to mention create delays in their care. To further complicate matters, currently the Social Security Number remains common as an identifier, even in the face of increased fraud and data breaches.

There’s no reason for patients to remain at such risk with more secure and unique digital methods available. It’s apparent that the healthcare industry — from small clinics to the largest hospital networks — is in need of a better universal identifier.

One such identifier is a perfect fit for a new ID method in healthcare — biometrics. After all, facial scanning and fingerprint IDs already unlock many modern smartphones. And home health tests prove consumers’ increasing comfort sharing their biological data for improved service and convenience. By 2022, it is estimated that 40% of healthcare organizations will use biometric-based identification, and by 2024, the market for technology systems that allow this type of ID will reach $3.5 billion .

But among all the opportunities for biometrics to make identification more accurate, less time consuming and more consistent, healthcare organizations must also realize implementing such a system doesn’t make the underlying data any more secure. Just like a SSN, a thumbprint, an eye scan or even a vein print is merely a method of accurate identification based on previously verified and stored data. And if the underlying systems that store the data — from IT infrastructure to file systems — are not secure, it doesn’t matter how unique the identifier or mechanism for identification might be.

Science fiction and determined hacker groups might have you believe biometric systems are easy to spoof. While no system is foolproof, biometrics are vastly more accurate and secure ways to identify patients because they measure a physical trait (something you are) rather than a piece of knowledge (something you know e.g., passwords, ssn, PIN). In reality, the cost to fake or duplicate something as complex as an iris or fingerprint drives hackers to focus on less secure systems.

Take the news of India’s recent healthcare breaches, for example. In search of a better form of patient identification, the country’s Aadhaar project enrolled biometrics for more than 1.8 billion residents into the system in 2018. Since then, the project has been plagued by reports of insecure data due to poor security standards. In one case, a researcher found more than 40,000 ID card scans on an unsecured third-party database. Bad actors went after unsecured transactions instead of finding utility in biometric data.

None of this is to say healthcare providers shouldn’t look to implement biometric identification. However, in doing so, they should take the opportunity to carefully examine their underlying data security systems and protocols, including:

● Committing to extensive training. Data breaches are often the result of human error. Even in healthcare, where HIPAA and other very strict privacy laws require workers to be particularly careful with data, breaches can easily occur as a result of improper training or neglect. Everyone, from nurses to support staff to seasoned neurosurgeons, should be well versed in phishing and other techniques employed by bad actors.

● Being mindful of third-party data access. Sharing data is vital to ensuring patients receive necessary care. However, healthcare professionals need to be vigilant not just about their own organizations’ data security, but also their third-party partners’. A breach at a lab or satellite facility can still expose organizations to risk.

● Ensuring a breach response and recovery plan exists. Organizations should have a concrete plan to respond and recover if a breach does occur, and conduct frequent drills to test that plan. The financial impact and damage to the organization’s reputation can be difficult to recover from if teams are scrambling to respond.

A future where something as unique as a fingerprint or face shape unlocks our entire medical history is exciting. Biometric identification systems have the potential to improve quality of services received by patients through quick and accurate identification, and save healthcare providers cost by reducing caregivers unproductive time and minimizing risk. However, healthcare organizations must first realize their data is only as secure as both the basic systems that house it and the business practices that make the data accessible to authorized users, internally or externally. Biometric identifiers are merely the key to data — healthcare organizations must be careful to keep the locks secure.

Amerant Bank Selects Omnilert AI Technology for Enhanced Video Surveillance Security
05/02/2025
Minnesota County Is Still Reaping Huge Benefits from ASAP Service
05/01/2025
Winsted Unveils Pinnacle Collection with Sliding Worksurface
04/30/2025
Everon Awarded Sourcewell Cooperative Purchasing Contract
04/30/2025
Honeywell Signs Global Distribution Agreement With Milestone Systems
04/28/2025
DSI Security Services Announces Leadership Reorganization and Strategic Growth Initiatives
04/21/2025
Everon Appoints Enterprise Security Veterans to Top Sales Leadership Roles
04/17/2025
Reconeyez Appoints Peter Young as New CEO to Lead Next Phase of Growth
04/16/2025

Featured

Verizon’s 2025 Data Breach Investigations Report Notes Alarming Cyberattack Surge Through Third Parties

Verizon Business recently released its 2025 Data Breach Investigations Report (DBIR), which reveals a significant increase in cyberattacks. The report found that third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%, creating a concerning threat landscape for businesses globally. Read Now
- Cybersecurity
Net2 Access Control Increases Reliability at Residential Complex

Encore Atlantic Shores is a residential complex of 240 luxurious townhomes for ages 55 and over in Eastport, New York. Completed in 2011, the site boasts an 11,800 square foot clubhouse, with amenities such as a fitness center, heated indoor pool, whirlpool spa, multi-purpose ballroom, cardroom and clubroom with billiards, tennis courts and an outdoor putting green. Read Now
- Access Control
Security Today Announces The Govies Government Security Award Winners for 2025

Security Today is pleased to announce the 2025 winners in The Govies Government Security Awards. The awards honor outstanding government security products in a variety of categories. Read Now
- Government
Survey: 60 Percent of Organizations Using AI in IT Infrastructure

Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now
- Cybersecurity
New Research Reveals Global Video Surveillance Industry Perspectives on AI

Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now
- Artificial Intelligence

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.
FEP GameChanger

Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.
Connect ONE®

Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.