Comarch Cyber Security in Healthcare

Secure user identities for healthcare

Data protection from unauthorized access is especially important in healthcare.

The access to sensitive data should only be granted to authorized persons, with scope of doing so strictly regulated, and accountability mechanisms in place.

Comarch cyber security solutions allow you to protect the identity of both your patients and healthcare staff as well as authorize, authenticate and manage the access to medical applications, devices and crucial data.

Comarch Identity & Access Management (CIAM) and tPro family systems are a good fit here.

The key business advantages of Comarch IAM are:

Identity management solutionEnables individual healthcare professionals to access medical records or history at specific times and for specific reasons.

Access management featureAllows to manage access to systems and resources across the entire network of medical facilities, with full accounting included.

Single Sign-On solution (SSO)Ensures hassle-free integration across web medical systems – a single click to access them all.

Workflow processes for multi-level acceptance schemesAllows to request permission on medical platform to be added or revoked by the four-eye principle.

Delegation of dutiesEnables delegation of medical employees permissions under limited timeframes.

Compatibility with PKI and SmartCardsProvides trusted resources access and secure storage of sensitive information based on Public Key Infrastructure (PKI) and microprocessor cards.

Compliance with GDPR regulationsProvides support for security-by-design approach, Role-Based Access Control (RBAC), Separation of Duties (SoC), data portability, right to be forgotten, registry of all actions and processes, reporting and more.

These result in:

Fast and secure access to medical systems based on location and user permissions.
Simplified user management by defining access rights around roles and privileges (Role-based Access Control approach).
Wide range of support for different authentication and authorization methods (e.g. passwords, hardware and mobile tokens, smartcards and others).
Centralized and efficient access control policy.
Reflection of company’s organizational structure.
Encryption in transit for all connections through SSL.
Remote access to medical facilities.

The tPro family

Moreover, with our tPro family solution, we offer two-factor authentication (2FA) paradigm allowing medical staff to apply stronger security measures to patient data. Thanks to this, strong and various customer authentication methods meeting PSD2 requirements are provided.

Comarch supports own authentication mobile and hardware tokens including both ECC / RSA algorithms and OTP approach. We also support third-party tokens.

Security audits

Our security audits focus on risk analysis, penetration tests as well as audits of compliance with standards, guidelines and good practices. Such a service allows you to check the security of your entire IT environment and identifies potential threats and gaps in the protection of medical data.