Smart Card Alliance Promotes Data Security Best Practices in Support of National Cybersecurity Awareness Month
Princeton Junction, N.J., October 15, 2015 – To help kick off National Cyber Security Awareness Month, celebrated every October, the Smart Card Alliance is sharing best practices to help strengthen data security in government and healthcare.
“The theme this year is Our Shared Responsibility, and the Alliance is doing its part by educating on ways we can protect sensitive data from data breaches, hacks and fraud,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “Smart card-based two factor authentication can go a long way to strengthen data security, and should be implemented across industries, and particularly in government and healthcare where we have so much valuable data at risk.”
Data breaches have become a regular part of the news cycle over the past few months. The recent breach at the Office of Personnel Management (OPM), where 21.5 million current, former and prospective federal employee records were stolen, reignited the urgency for updated security practices to better protect data.
The Smart Card Alliance recommends two factor authentication, and more specifically, the use of smart card-based Personal Identification Verification (PIV) credentials as a best practice for government organizations to secure logical access to data. The Department of Justice reported that as of June 2015, 78,314 PIV credentials had been issued to employees, but only 2,833 employees were required to use them for logical access. Requiring the use of PIV credentials for all employees and contractors to access government information systems would significantly reduce the frequency and impact of data breaches in government.
After the OPM breach, Federal CIO Tony Scott ordered a 30-day cyber sprint that required agencies to update their security systems and better protect their data. As a result, government implementations of strong authentication increased across the board.
“There were significant efforts to improve cybersecurity in response to the cyber sprint. More than half of the largest government agencies have implemented strong authentication for nearly 95 percent of their privileged users,” said Vanderhoof. “This is just the first step towards success. In order to really secure logical access in government, every application on every system needs to move to two factor authentication.”
In addition to logical access, the Smart Card Alliance recommends use of PIV credentials to secure physical access as well. The Alliance established and now provides advanced training for integrators and technicians on how to set up and test physical access control systems to meet requirements and specifications through the Certified System Engineer ICAM PACS (CSEIP) program. Training under this program has been completed for over 100 system integrators in its first year.
For more information on strong authentication in government, visit http://www.securetechalliance.org/publications-government-id-resources/.
Securing identity is a crucial issue in healthcare for patients, payers and providers. As the industry moves forward with meaningful use of EHRs and data shared between organizations in Health Information Exchanges (HIEs), patient and provider identities must be tightly tied to individuals, be strongly authenticated and be kept secure.
The Smart Card Alliance recommends two factor authentication with smart cards to securely store sensitive user information such as patient health insurance information, Social Security numbers, prescription information and current patient mental and physical health conditions and to authenticate patient identity at the point of care.
These cards have been adopted by health organizations around the world to successfully create a streamlined, automated identification process for both patients and providers that eliminates common problems such as duplicate medical records, misidentification and medical ID fraud.
The Alliance recently responded to the U.S. Government Accounting Office (GAO) report “Medicare: Potential Uses of Electronically Readable Cards for Beneficiaries and Providers,” and recommended the implementation of strong authentication with smart cards to lay a foundation to prevent Medicare fraud by authenticating the beneficiary identity at the point of care, carrying that authentication through the entire claim transaction chain, and providing the foundation for system-wide data integrity.
For more information on strong authentication in healthcare, visit http://www.securetechalliance.org/smart-cards-applications-healthcare-identity/.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.securetechalliance.org.
Montner Tech PR