NH-ISAC Ditches Passwords, Links with Trusona

Out with the old, in with “dynamic user authentication with assurance static user credentials can’t be stolen or replayed to imitate an actual member’s login”: The National Health Information Sharing and Analysis Center (NH-ISAC) announced this week that it is ditching passwords.

The leading nonprofit healthcare cybersecurity collective will pair with tech company Trusona to adopt its #NoPasswords solution. The technology works by generating a one-time use QR code for desktop portal logins. When the code on that screen is scanned using the corresponding mobile app, it instantly validates the login.

“Today NH-ISAC has sent a loud message that there is a better way to secure identity,” Trusona CEO Ori Eisen said in a statement. In November, his company led a webinar event with representatives from Aetna that was hosted by NH-ISAC.

“The implementation of Trusona’s no passwords authentication aligns with our commitment to protect healthcare organizations against threat actors, said Denise Anderson, President of NH-ISAC. “We simplified identity authentication for our members, demonstrating there are solutions that are stronger than passwords.”

Trusona’s technology has been making waves of late. The Scottsdale, Arizona-based company closed a $10 million Series B funding round in June. Microsoft Ventures led investment. In October, the company opened a headquarters in the UK.

NH-ISAC, meanwhile, has urged hospitals to follow its lead on several cybersecurity initiatives. It recently published a report with the Global Cybersecurity Alliance (GCA) and security company AGARI that found 57% of emails “from” the healthcare industry are unauthenticated or fraudulent. Domain-based Message Authentication, Reporting & Conformance (DMARC) can be used to prevent potential infections from these unverified emails, but 98% of healthcare providers do not utilize it.