07-23-13 | Blog Post
Healthcare organizations are entrusted with consumers’ most sensitive personal information, which makes them a target for cyber criminals. The Department of Health and Human Services reports more than 19 million people have had health information compromised since the HIPAA breach notification rule went into effect in April 2001.
“The healthcare industry is a one-stop shop for attackers,” says Zoe Lindsey, a Regional Director of Enterprise Sales at Duo Security. “Within protected health information (PHI) you find social security numbers, credit card information from prior payments, information on family and emergency contacts that can be used for identity theft … the list goes on and on.
“Not only is there a wide variety of personal information available, it’s an especially high-value target because each record has many of those elements.”
Lindsey and Online Tech’s April Sage, Director of Healthcare Vertical, will co-host a free educational webinar on how to secure access to confidential health information at 2 p.m. EDT on Tuesday, June 23. The latest in the Online Tech ‘Tuesday at 2’ webinar series is titled Achieving Cost-Effective, Scalable and Secure PHI Access Without Workflow Disruption (register here).
Lindsey has been part of a Duo Security team that has installed her company’s two-factor authentication product to help secure physician networks, hospitals, healthcare record services, transcription services and other healthcare-related organizations that vary in size from 300 to 15,000 employees.
Sage has deep knowledge of what the Office for Civil Rights defines and audits as “HIPAA compliant.” Online Tech is the only HIPAA hosting provider independently audited against the OCR Audit Protocol.
Static passwords that can be lost, easily guessed or breached have led to a wide range of regulatory provisions mandating the use of two-factor authentication.
“Passwords alone are not enough,” Lindsey says. “There were more major data breaches in 2012 than ever before, an exponential increase over prior years. Healthcare is a major target, and two-factor authentication is an effective way to mitigate that threat, one that can be accomplished with minimal time and cost invested.”
Two-factor authentication is now offered by the Centers for Medicare & Medicaid Services (CMS) as guidance for remotely accessing ePHI for entities that must adhere to HIPAA security regulations.
“Hands down, two-factor is the single simplest and most cost effective means available to fortify your first line of defense, prevent attacker access before a user is compromised and gain visibility into when attackers attempt access,” Lindsey said. “Compromised credentials are always an attacker’s first step to breaching a network, so this prevents attackers from ever getting the ‘keys to the kingdom.’”
The sub-categories of the presentation – securing access in a cost-effective and scalable way, without interrupting users’ workflow – come directly from Lindsey’s first-hand experience in the field.
“The main challenges to security in the healthcare field tend to be highly distributed environments and doctors resistant to anything that interrupts their workflow,” she said. “We address that with a simple, hosted environment that meets their HIPAA privacy needs, and an intuitive user interface that prevents doctors from having to carry a keychain full of tokens.
“Previously, deploying two-factor services required installation and purchase of expensive on-site hardware appliances, as well as the cost of hard tokens. Then, with these complicated systems, you end up having staff spending a significant number of hours each week managing the solution, with the added expense in labor there. And after all that, many of the legacy providers are still vulnerable to attack! By offering a hosted solution, we eliminate much of the complexity associated with two-factor deployment, and can offer a scalable solution without an enormous upfront cost.”
Don’t miss our last webinar of July on Tuesday, July 30 @2PM ET:
Title: How to Achieve Maximum ROI and Patient Satisfaction via EMR
When: Tuesday, July 30 @2PM ET
Register: Online with GoToMeeting
Description: Join Sandy Vosk and Steven Caruso of ImageDoc USA for guidance on EMR implementation, intended to improve profitability and efficiency while reducing your risks before, during and after software adoption & implementation.