This week Brigham and Women's hospital in Boston, MA notified patients of a security breach that potentially compromised a number of patient records when a doctor was robbed at gunpoint and his laptop and mobile device were stolen. In this case the individual who was robbed was also forced to provide the passcodes required to bypass encryption on the devices.
Lost or stolen devices are a major cause of data breaches, and when passcodes or device based tokens are the only protection against unauthorized access (which was the case here), users and their data are made more vulnerable. It is for this reason that organizations will need to have in depth discussions around new technologies that can prevent access to protected information in the event of a theft of this kind. Biometric technology, because it requires the owner/user of the information to be present at the time of accessing it, lends itself well to this use case. "While the BWH incident had encrypted devices, it is still an example of why healthcare organizations need to have numerous physical safeguards in place to ensure that patient data remains secure" said Elizabeth Snell for HealthITSecurity.com in a piece about the incident. Biometrics can provide the missing physical component without introducing additional hardware requirements that users are resistant to and that remain open to being compromised by theft.