Passwordless in healthcare: are your identity controls keeping up?

TL;DR: A survey of more than 200 healthcare IT and security leaders found that 42% say passwords raise breach risk, 46% see risky password workarounds in daily operations, and only 7% have fully adopted passwordless access, according to Imprivata. The problem is not just credential theft but the way password-dependent workflows now undermine both security and clinical operations.

NHIMG editorial — based on content published by Imprivata: The state of passwordless authentication in healthcare, Ending password pain

By the numbers:

• 46% reported risky password-related workarounds occurring in daily operations.
• Only 7% have fully adopted passwordless access across their organizations.

Questions worth separating out

Q: How should healthcare organisations move away from passwords without disrupting clinical access?

A: They should replace passwords in the highest-friction workflows first, especially shared workstations, frequent logins, and urgent access paths.

Q: Why do passwords remain a breach risk even when MFA is widely used?

A: Because MFA often sits on top of a password-dependent model rather than replacing it.

Q: What do security teams get wrong about passwordless authentication in healthcare?

A: They often focus on the front-end login experience and ignore the support, recovery, and exception paths that determine whether passwordless actually reduces risk.

Practitioner guidance

• Map every password-dependent clinical workflow Identify where clinicians, support staff, and contractors still rely on passwords for login, reset, recovery, shared devices, and break-glass access.
• Harden recovery and help desk verification Review password reset, account recovery, and support override procedures as high-risk identity events.
• Reduce credential sprawl across access channels Consolidate authentication methods across clinical, enterprise, cloud, and remote access systems so users are not forced to remember different credentials for different contexts.

What's in the full article

Imprivata’s full research covers the operational detail this post intentionally leaves for the source:

• Survey methodology and respondent profile for more than 200 healthcare IT and security leaders
• Breakdowns of password impact across security risk, clinical workflow disruption, and help desk workload
• Adoption data for passwordless, adaptive authentication, and biometric approaches across healthcare environments
• The full set of survey findings behind the reported 42%, 46%, and 85% measures

👉 Read Imprivata’s research on passwordless authentication in healthcare →

Passwordless in healthcare: are your identity controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →