Adapta's YubiKey Success Story: Achieved Fast and Secure Login Experience

YubiKey Case Study

Medical IT Service Provider Adapta

Achieving Rapid Login Experience and Security for Healthcare Professionals with YubiKey

Adapta's Challenges

Adapta, an IT healthcare service provider in the Netherlands, specializes in building and operating enterprise architectures (EA) for healthcare institutions, with a particular focus on providing IT support to care service providers for the elderly and disabled.

Adapta was considering implementing a Multi-Factor Authentication (MFA) solution for staff at nursing facilities, but found that traditional authentication apps were not suitable for the care environment.

Staff working in elderly care facilities and disability care facilities use laptops and tablets instead of smartphones, performing care duties and administrative tasks concurrently.
They need to log into systems multiple times a day to write reports and check data. Using smartphone-based authentication apps for Multi-Factor Authentication (MFA) would add extra time to logins, burdening care duties and potentially causing stress.

And, smartphone-based authentication apps for Multi-Factor Authentication (MFA) have been identified as vulnerable to account takeover and phishing attacks.

For administrators, concerns included the operational effort of distributing authentication apps, version management, and the cost and asset management associated with smartphone deployment.

Additionally, the healthcare industry in the Netherlands has a policy of changing passwords quarterly. Unfortunately, this often leads to predictable and repetitive password settings, posing a challenge regarding vulnerability to phishing attacks.

YubiKey's Solution to the Challenges

YubiKey successfully resolved Adapta's challenges.

Ensuring Patient Care Time While Enhancing Security Level

With smartphone-based Multi-Factor Authentication (MFA), login can sometimes take 30 to 40 seconds due to app or text message code entry. Adapta managed to reduce login time to less than 10 seconds by combining Google Cloud ChromeOS passwords with YubiKey. Staff could dedicate more time to patient care, achieving higher security levels stress-free.

Quick and Easy Implementation

Adapta implemented YubiKeys, which meet the highest level of authentication security (FIDO U2F and FIDO2/passkey protocols), for two care organizations in the Netherlands.
At the first organization, they deployed YubiKeys to approximately 6,500 staff members, yet staff did not need to perform complex setups, and Adapta didn't even need to establish a dedicated implementation support team.
At the second organization, they deployed YubiKeys to approximately 1,100 healthcare staff and caregivers. After preparing explanatory videos and other resources, the transition was completed overnight, allowing immediate use in operations.

Administrator Time Savings

Typically, implementing traditional authentication apps involves significant effort for distributing and maintaining the apps for new employees, as well as managing versions. However, by adopting YubiKey, these tasks became unnecessary.
Especially when new staff join, they can start work immediately upon receiving their YubiKey and account information, significantly reducing the administrative burden.

Reducing the Risk of Account Takeover from Phishing Scams

Even if email addresses or passwords are stolen and a phishing attack occurs, if a YubiKey is registered to the account, hackers cannot log into a staff member's account unless they physically steal the YubiKey.
This prevents account takeover with the highest level of security.

Adapta's Achieved Operational Improvements and DX Vision

Adapta, with its management, support team, doctors, practitioners, nurses, and numerous volunteers, sought a Multi-Factor Authentication (MFA) solution that balanced security and ease of use. Through this process, they experienced firsthand that the combination of YubiKey and Google Cloud is highly effective.

They anticipate that further YubiKey implementation will enable a passwordless work environment in the future.

Furthermore, a smoother digital experience is crucial for staff recruitment and retention. Adapta aims to meet the needs of healthcare professionals who seek a comfortable work environment by utilizing YubiKey for multiple purposes, such as building access and document printing, thereby achieving DX.

This article is a translation and summary of a Yubico website article, authorized by Yubico, by International System Research Co., Ltd., an official YubiKey reseller.

• Yubico Article: Adapta secures healthcare workers with YubiKeys
• Translation and Summary: International System Research Co., Ltd.
• Images are for illustrative purposes only.

YubiKey Case Studies

YubiKey as a Service Case Study

Major Japanese Manufacturer Company A
ISR's Partnership Support Cleared the Hurdles of Large-Scale YubiKey Deployment

Read Case Study

YubiKey Case Study

Hyatt Hotels

YubiKey Implementation Story: Reducing Security Risks, Improving Operational Efficiency, and Enhancing Customer Experience.

Read Case Study

Deep Dive into YubiKey Case Study! ISR's Official Distributor Commentary Section

This applies to your company/hospital too!
"Two-Factor Authentication" Becomes Mandatory for All Medical Information Systems from Reiwa 9 (2027)

While the case study in this article is from overseas, it's not irrelevant to us.

Are you aware of the "Guidelines for the Secure Management of Medical Information Systems" published by the Ministry of Health, Labour and Welfare? The "System Operation Edition (Control)" of Version 6.0 (May 2023) included the following statement:

What Constitutes "Two-Factor Authentication"?

To meet two-factor authentication requirements, when logging into various medical information systems, a system that authenticates by combining two or more of "knowledge," "possession," and "biometric" factors is necessary.

Specifically, the following measures will be necessary:

・Provide employees with smartphones (possession factor) to enable system login via fingerprint authentication (biometric factor).
・Introduce YubiKeys (possession factor). Employees can then log into the system by inserting the YubiKey and entering a PIN code (knowledge factor).

Considering the financial burden of implementation, operational effort, the need to keep medical operations running smoothly, and the vulnerability of mobile-based authentication (SMS authentication/one-time passwords/push notification apps) to phishing attacks, YubiKey is an effective option because its "per-unit cost is lower than smart devices, it can be carried with house or car keys, and it provides high authentication security simply by inserting it into a PC and touching it."

Will Higher Authentication Security Levels Be Required for Future Medical, Hospital, and Care Authentication Systems?

Starting with the mandatory two-factor authentication in 2027, our company predicts that the required level of authentication security will continue to rise. The main reasons for this are likely the following:

• Frequent medical data breaches and increasingly sophisticated attacks.
• Movement towards improving security levels by national and local governments.
• Increased authentication security requirements for medical IT service providers, and a trend towards higher security levels in the US.

In reality, even within two-factor authentication, there are differences in security levels depending on the authentication method.
As a company, we predict the mandating of authentication technologies with higher phishing resistance, such as those represented by FIDO2.

While this is a prediction, considering past trends and the movements of leading IT industries and the US government, we believe that:

• Smartphone-based one-time passwords may not be considered secure two-factor authentication.
• The use of passwords may be prohibited.

And so on, are possibilities.

Furthermore, authentication for cloud services, which are increasingly being adopted, needs to be strengthened. To address this, by integrating Zero-Trust Single Sign-On (SSO) service CloudGate UNO with YubiKey, you can ensure industry-leading authentication security.

An authentication system that meets FIDO2 standards can prepare you for long-term regulatory updates.
If you are looking to implement two-factor authentication with an eye toward the future, we strongly recommend adopting an authentication system that meets FIDO2 standards, such as YubiKey.

How to Purchase YubiKey

YubiKey can be acquired either through a subscription model or as a one-time purchase.

Only available from us in Japan!

Subscription for
"YubiKey as a Service"

​For enterprises, government agencies, and large organizations

Deploying YubiKey across many users often comes with high initial costs and a significant deployment burden. That's why "YubiKey as a Service" is your best solution. It drastically reduces costs, offers the flexibility to change YubiKey types as your needs evolve, and provides comprehensive support for a smooth operation.

In Japan, only ISR has a distributorship agreement with Yubico headquarters to provide this service. Entrust your YubiKey implementation to us for maximum security and assurance.

Learn more about YubiKey as a Service

One-time Purchase Through Reseller

This involves purchasing the necessary YubiKeys as a one-time transaction from a reseller, including us.
A disadvantage is that since it's a one-time purchase, resellers may not support firmware updates for YubiKeys or changes to different types after initial deployment.
We also handle one-time YubiKey sales, so please feel free to contact us.

Inquire about Pricing Here