SSO security 101

SSO security is a strategic cybersecurity investment for healthcare


SSO is fast becoming a security best practice in healthcare. By reducing clinicians’ cognitive loads, improving clinical workflows, and centralizing IT management, SSO is a strategic cybersecurity investment for healthcare organizations. Here’s why:

  1. SSO improves security by replacing traditional passwords

    Healthcare professionals’ passwords are the root cause of the majority of healthcare IT security breaches because they can be easily lost, shared, stolen, phished, or forgotten. If a single healthcare user’s password is leaked, an entire healthcare organization’s perimeter can be thrown wide open. Healthcare organizations can effectively lock down their human perimeter and throw away the majority of their employees’ keys with an SSO solution. By replacing passwords with a more secure, quick, and usable authentication method, like a quick tap of a badge, SSO can significantly improve healthcare organizations’ cybersecurity efforts by eradicating many of the inefficiencies and vulnerabilities of the old-fashioned password.

  2. SSO improves security by reducing clinical users’ cognitive strain

    Passwords require clinical users to constantly divide their attention between their IT system and their patients’ care. By constantly requiring users to multi-task by typing long alphanumeric strings into dialog boxes, passwords increase staff members’ cognitive loads. This cognitive strain drives healthcare professionals to improvise insecure password workarounds to reduce their frustration. Such workarounds include writing passwords on a sticky note, using generic login information, or sharing accounts. These kinds of workarounds, though more user-friendly and less frustrating for users, are a security nightmare for IT departments. Single sign-on (SSO) eliminates the cognitive strain and frustration passwords cause by allowing users to tap into their sessions quickly and easily, without having to type long, complicated passwords multiple times per shift.

  3. SSO improves security by being less hackable

    No matter how well-intentioned or intelligent clinical users are, they can be easily manipulated into revealing their passwords to hackers through ingenious hacking attacks. Phishing, spear-phishing, and whaling techniques have become so advanced that even the best-informed IT users can succumb to them. Password-fatigued clinical users who are frequently changing, retrieving, and entering complicated passwords understandably become desensitized to password requests. So, when a hacker presents users with a fake dialog box, a fake ‘password reset’ email from IT, or a fake security survey, at least one user will fall for the hacker’s hoax. By replacing manual passwords with a centralized and secure SSO system, healthcare users are automatically protected from the most advanced password-poaching methods, because they don’t have a password, and can’t accidentally share it.

  4. SSO improves security by freeing IT resources

    An SSO solution is exponentially easier to manage than a password-heavy IT system. In the absence of user passwords, which are frequently changed, lost, or forgotten, hospital IT departments are no longer bogged down with mundane password reset calls and related maintenance requests. With SSO, IT departments can refocus their time and energy on more strategic security initiatives while their SSO solution centralizes password resets and handles all the necessary reporting and auditing features to maintain HIPAA compliance and secure patients’ highly sensitive PHI.

An effective SSO solution improves healthcare organizations’ security efforts by eradicating the heart of healthcare's security problems: the password. By replacing passwords, SSO reduces clinical users’ cognitive loads, improves clinical workflows, protects organizations from security breaches, and frees healthcare IT resources to work on more strategic security projects. For each of these reasons, implementing an SSO solution is a sound cybersecurity decision for hospitals.