A new survey from Imprivata highlights a growing disconnect in U.S. healthcare cybersecurity: while most healthcare IT leaders believe passwordless authentication is essential to the future of secure and efficient care delivery, very few organizations have fully implemented it.
According to the research, 85% of healthcare IT and security leaders say passwordless authentication is either very important or mission-critical to the future of healthcare. Despite that consensus, only 7% of healthcare delivery organizations (HDOs) report having fully implemented passwordless access for both clinical and non-clinical staff.
The findings are detailed in Imprivata’s report, “The State of Passwordless Authentication in Healthcare: Ending Password Pain,” which surveyed more than 200 IT and security leaders across hospitals, integrated delivery networks, and academic medical centers nationwide.
Password Dependence Continues to Strain Care Delivery
The survey underscores how deeply entrenched password-based workflows remain in healthcare environments. Sixty percent of respondents said their organizations still rely heavily on passwords, a dependence that carries operational, clinical, and security consequences.
Nearly half of respondents reported risky password workarounds, while more than four in ten cited an increased risk of security incidents or breaches. Delays in patient care and rising IT help desk workloads were also commonly reported side effects of password-heavy systems.
Industry observers note that these challenges are exacerbated by the realities of modern healthcare operations, where clinicians frequently move between shared workstations, clinical applications, and devices under significant time pressure.
“Healthcare organizations recognize that password-heavy environments are no longer sustainable,” said Chip Hughes, chief product officer at Imprivata. “Clinicians need fast, intuitive workflows, and security teams need stronger protection against increasingly sophisticated cyberattacks.”
Broad Support for Identity-Centric Access Strategies
Beyond passwordless authentication, respondents signaled strong interest in a range of advanced access and identity-centric security capabilities. Continuous session monitoring, risk-based authentication, offline multifactor authentication, and self-service password management ranked among the most valued technologies for improving security while reducing friction.
Respondents said the primary drivers for adopting these capabilities include stronger identity security and phishing resistance, faster logins, improved user experience, and fewer help desk tickets—outcomes that align closely with both cybersecurity and clinical efficiency goals.
In many organizations, these priorities reflect a broader shift toward zero trust and identity-first security models, particularly as healthcare continues to face elevated ransomware activity and credential-based attacks.
Adoption Barriers Remain Significant
Despite widespread agreement on the value of passwordless authentication, the path to deployment remains complex. The survey found that integration and technical challenges were the most commonly cited obstacles, followed closely by concerns around clinician acceptance, training, and regulatory or compliance requirements.
Clinical workflow disruption remains a particularly sensitive issue. Healthcare leaders continue to balance the need for stronger security controls against the risk of slowing care delivery or increasing clinician frustration.
“Healthcare leaders understand that password-heavy workflows are slowing clinicians down and introducing unnecessary risk,” said Dr. Sean Kelly, Imprivata’s chief medical officer. “What the industry needs next are access solutions that remove friction, protect patients, and modernize authentication without compromising care.”
Momentum Building, but Gradually
While current adoption remains limited, the survey suggests momentum may be building. Nearly a quarter of respondents expect their organizations to fully adopt passwordless authentication within the next 2 years—more than 3 times the current deployment rate.
Analysts caution, however, that progress will depend on vendors and healthcare organizations addressing interoperability, workflow integration, and change management at scale. As healthcare systems continue to modernize infrastructure and consolidate applications, identity and access management is increasingly viewed as a foundational component rather than a standalone security project.
For now, the survey paints a picture of an industry aligned on the destination but still navigating the operational realities of getting there.