Passwordless authentication in healthcare: are your controls keeping up?

TL;DR: Healthcare organisations are still relying on passwords even as 42% of surveyed leaders say they raise breach risk and 46% report risky workarounds in daily operations, according to Imprivata’s research on passwordless authentication. The real issue is not just stolen credentials, but authentication models that do not fit clinical workflows or help desk realities.

NHIMG editorial — based on content published by Imprivata: The state of passwordless authentication in healthcare, ending password pain

By the numbers:

• 85% of healthcare IT and security leaders say passwordless authentication is very important or mission-critical.
• Only 7% have fully adopted passwordless access across their organisations.
• 40% experience increased IT and help desk workload.

Questions worth separating out

Q: How should healthcare organisations implement passwordless authentication without disrupting clinical workflows?

A: Start with the highest-friction and highest-volume clinical journeys, especially shared workstations and point-of-care logins.

Q: Why do passwords create both security and operational risk in healthcare?

A: Passwords create dual risk because they are both phishable and operationally disruptive.

Q: What do security teams get wrong about password resets and account recovery?

A: Many teams treat recovery as a support function instead of a security control.

Practitioner guidance

• Replace high-friction password paths in clinical workflows Prioritise passwordless methods for shared workstations, point-of-care access, and frequently repeated logins where password entry drives unsafe workarounds.
• Harden account recovery and help desk verification Treat reset and recovery flows as privileged processes.
• Reduce authentication vendor sprawl Review the three-or-more authentication vendor pattern and consolidate where possible so inconsistent policies do not create more complexity without removing passwords.

What's in the full article

Imprivata's full research covers the operational detail this post intentionally leaves for the source:

• Breakdowns of the survey methodology and the full response base from more than 200 U.S. healthcare IT and security leaders.
• The complete set of password-related pain points, including workflow disruption, help desk strain, and care delays.
• Adoption context for passwordless authentication, including why leaders want it and where implementation still stalls.
• The report's detailed reasoning on biometrics, FIDO2-based authentication, and adaptive authentication in clinical settings.

👉 Read Imprivata's research on passwordless authentication in healthcare →

Passwordless authentication in healthcare: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →