Share
Share
INDUSTRY
Healthcare
COMPANY SIZE
KEY OUTCOMES
80%
Of Account Recovery Requests Automated
With secure, self-service recovery capabilities
99%
Faster Resolution for Help Desk Calls
MFA reset time cut from 4.5 days to 20 minutes
22%
Reduction in all Account-related Support Calls
Resulting in significant operational savings (~$70 per password reset3)
Overview
Tampa General Hospital (TGH) is one of Florida’s largest academic medical centers, with 15,000+ team members and providers. Known for its commitment to world-class care, TGH also takes an industry-leading approach to security and innovation to future-proof and protect their systems, workforce, and patients.
As social engineering tactics grow more advanced, TGH saw an opportunity to strengthen how identity is verified during account recovery. To address this, the team embedded CLEAR1 into its existing identity access management (IAM) platform, PingOne DaVinci. The out-of-the-box integration pairs Ping’s flexible identity orchestration with CLEAR1’s biometric verification, enabling TGH to verify who is behind each request, not just the device or credentials they’re using.
While the primary driver was security, the impact was much greater. The new process cuts down on IT intervention, improves the employee experience, and aligns with TGH’s broader goals around operational efficiency and seamless digital access.
“Identity verification has largely been treated as a compliance tool, not an authentication tool. We wanted to protect our account reset workflows against bad actors and AI generated deepfakes. Knowledge-based authentication, asking users to verify their identity via security questions, is dead. Bad actors find answers to those questions on the dark web via breaches—that’s why we turned to CLEAR1.”
–David Quigley, Director of Cybersecurity, Tampa General Hospital
The Challenge
High-profile breaches share a common throughline—attackers aren’t breaking in, they are gaining access via the IT help desk. AI-generated audio, deepfakes, and stolen credentials are making impersonation both scalable and harder to detect. AI tools have only accelerated this shift with deepfakes capable of bypassing facial recognition and voice synthesis that defeats voice authentication.
The widely publicized cyberattack at MGM resorts originated from a single help desk phone call. Criminals impersonated an employee, convinced IT support to reset their multi-factor credentials, and used that foothold to breach systems, resulting in over $100 million in damages. These types of attacks prey on a very human instinct: the desire to help. In fact, 68% of cybersecurity breaches in 2024 involved attacks on humans, not technology.2
In the wake of these incidents, TGH saw both a warning sign and an opportunity to lead. The organization sought to modernize employee account recovery with a security-first approach. With CLEAR1, TGH implemented an account recovery experience anchored in biometric multi-factor authentication—designed to meet the demands of today’s threat landscape and deliver the identity assurance needed to confidently verify the person behind each request.
The Solution
Before implementing CLEAR1, password resets followed a traditional, device- and knowledge-based model. Team members initiated a request, received a callback to the phone number listed in their employee record, and verified their identity through a series of knowledge-based questions. While standard, the process was manual and relied on human judgment, as well as static information. This approach no longer aligned with the level of identity assurance the security team needed.
TGH replaced this process with CLEAR1, enabling biometric MFA that ties access to the individual, not just their credentials. With a native integration into PingOne DaVinci, the team went from idea to deployment in under three weeks, requiring no custom development or disruption to existing systems. With this joint solution, TGH was able to retire its 90-day password reset policy.
Team members still have the option to contact support for guidance, but self-service is now the only option, eliminating the need for human intervention.
“Our frontline workers no longer have account reset permissions. Instead, they guide users through a self-service process. CLEAR1’s identity verification, paired with our risk-based user analytics, empowers users to unlock their account, change a forgotten password, or reset their MFA devices even when they no longer have access to their previous MFA device(s).”
–David Quigley, Director of Cybersecurity, Tampa General Hospital
Why CLEAR?
TGH selected CLEAR1 to strengthen its security posture with a high-assurance, low-friction solution. CLEAR1 verifies that the person requesting access is who they claim to be through a multi-layered approach, which can include a combination of signals from biometrics, documents, and devices, and other trusted inputs including:
- Biometric matching to check that the person verifying is the same person on the government-issued ID
- Liveness detection to confirm the face is live—not a photo, video, or spoof
- Document authenticity to validate that the government-issued ID is real, untampered, and valid
- Source corroboration to cross-check identity data against authoritative third-party databases
These layers work together to detect anomalies and block threats that could potentially be missed through a singular check.
Despite the rigor behind the scenes, the experience is seamless for users. The process starts with a quick, one-time setup that involves uploading a valid government-issued ID and taking a selfie. These are matched to create a unique, reusable identity—meaning future verifications are as easy as snapping a selfie.
A key differentiator for CLEAR1 is its privacy-first, consent-driven model. Unlike solutions that require access to an organization’s backend systems, CLEAR collects data directly from the individual and only with their explicit consent. This approach not only protects privacy but also simplifies implementation for partners like TGH.
CLEAR1’s integration for MyChart through Epic Vendor Services adds further value, creating a path to extend secure verification beyond the workforce and into future patient-facing use cases.
The Results
80%
Of Account Recovery Requests Automated
With secure, self-service recovery capabilities
99%
Faster Resolution for Help Desk Calls
MFA reset time cut from 4.5 days to 20 minutes
22%
Reduction in all Account-related Support Calls
Resulting in significant operational savings (~$70 per password reset3)
“When we took MFA reset permissions away from our Help Desk, it was taking us 4–5 days in some cases just to get ahold of people. CLEAR1 helped us move away from that manual, high-touch process and gave us a scalable way to confirm identity.”
–David Quigley, Director of Cybersecurity, Tampa General Hospital
What’s Next
With CLEAR1 now deployed across its workforce, TGH plans to expand secure verification to patient-facing workflows through CLEAR1’s integration with Epic MyChart, further advancing the hospital’s commitment to delivering secure, seamless digital experiences. Their approach reflects a growing imperative in healthcare: to secure high-risk access points without disrupting the speed and reliability teams depend on.
*Epic and MyChart are registered trademarks of Epic Systems Corporation.
1 Forbes, “Ransomware Attack On MGM Resorts,” Sept 2023
2 Verizon. 2024 Data Breach Investigations Report. (May 2024, p. 8)
3 Research from Forrester estimates the average password reset cost is $70 (Forrester, Best Practices: Selecting, Deploying, and Managing Enterprise Password Managers, Nov. 2023)
