Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Oct 21 2024
Security

MFA Fatigue: A Growing Headache for Healthcare (and How to Combat It)

What happens when your healthcare teams grow tired of multifactor authentication processes? Try these tips to combat MFA fatigue.

We all know that multifactor authentication is a must-have to defend against cyberattacks in healthcare. But what happens when those extra layers of security start to wear people down? That’s where the concept of MFA fatigue comes in. It’s the frustration that users feel when they’re hit with repeated MFA prompts, and attackers are ready to exploit this.

Click the banner below to find out how IAM improves healthcare security and simplifies access.

 

Why Healthcare Workers Are Prime Targets for Cyberattacks

Healthcare workers are, unfortunately, a favorite target for malicious actors for a few reasons. First, healthcare data is incredibly valuable; it contains personal health information and financial details that can be sold on the black market. Second, the fast-paced nature of healthcare environments can lead to employees being more susceptible to phishing attempts.

What Can We Do About It?

The good news is that you don’t have to choose between frustrating your staff and leaving the door open to hackers. Here are some key considerations for fighting MFA fatigue.

Get smarter with risk-based authentication. Not every login needs MFA. Adapt your process to risk level. Low-risk actions shouldn't need them, saving your staff hassle.

Underscore the need for education. People are your first line of defense. Teach your staff the value of MFA, how to identify suspicious requests (even when they just want to make the alerts stop) and why healthcare is such a tempting target for cyberattacks.

Consider FIDO2. Look into advanced standards, such as FIDO2, that use security keys or built-in biometrics. These are harder to fake and less annoying for users.

IAM TOC header

 

Rethink push notifications. They’re the simplest to set up but the easiest to abuse. Explore alternatives, such as one-time codes or hardware tokens.

Have a plan for when attacks happen. Train staff on how to report attacks related to MFA fatigue. Swift action can drastically limit the damage.

Offer clear explanations. Give context with MFA requests, such as device or location. A little information helps people make better decisions.

Don’t MFA them into oblivion. Adapt the frequency of prompts based on user history to limit unnecessary ones.

Combatting MFA Fatigue Is Not Just About the Tech

Ultimately, it's a balancing act. MFA fatigue highlights the fact that good cybersecurity isn’t just technical; it's about making security work with your staff, not against them.

UP NEXT Simplify identity and access management with expert guidance.

Editor's note: This article was originally published on April 8, 2024 and updated on June 14, 2024.

Harry Campbell/Theispot