Reliable user authentication is the first step towards making sure that no intruder accesses the Hospital IT system. If an intruder accesses a workstation in a hospital, e.g. by using a name and password written on a post-it on the wall near the workstation or using very common passwords, like 1234. Hospitals today mostly rely on passwords as doctors and nurses are busy and have to log into systems many times a day so they tend to share passwords (mostly on shared applications) or choose extremely unreliable passwords, thereby increasing the risk of intruders penetrating the system. Some hospitals use cards to make authentication slightly more reliable. However, cards can easily be lost or stolen, and can’t be used without dedicated readers.
The test scenario revolved around upgrading existing medical software developed by FORTH, with the users’ authentication solution developed by IDEMIA in the context of PANACEA. The users’ new authentication is based on two-factors: a hardware token and facial recognition. For convenience, the hardware token used is a smartphone carried by the user while face recognition is implemented using a simple webcam. The medical software developed by FORTH, called ICS for Integrated Care Solution, is an innovative, multi-purpose platform for electronic and mobile health applications. Before PANACEA, it relied on passwords for user authentication.
ICS users no longer need to remember passwords any more: they just sit or stand in front of the workstations giving access to ICS, and their face and smartphone reliably opens a session. The new authentication solution is easy to use, secure, affordable, easy to integrate in the overall IT infrastructure and in specific applications like the ICS. It is GDPR compliant and suitable for shared equipment, e.g. workstations and medical devices, which can be used by multiple people in the hospital securely.
"The users’ response was to a great extent positive. Despite some initial reservations about moving from conventional authentication to facial recognition, users have responded very well to this new approach and see themselves using it in the future mentioning the ease of use and the improvement it brings to the security of the authentication process." FORTH ICS Pilot Lead