Cybercrimes, such as stealing Protected Health Information (PHI) and Personally Identifiable Information (PII) for identity theft, are a multi-billion-dollar industry. Such data breaches not only have an immediate financial impact; the affected Healthcare Organizations (HCOs) also face a long-lasting loss of reputation and trust. Thus, protecting your enterprise’s data assets and developing the ability to respond promptly to cyber threats is now an integral, indeed essential, part of protecting PHI and PII. However, you can’t do this effectively if you don’t know what cyber threats you face.
For the past ten years, Verizon’s annual Data Breach Investigations Report has analyzed security breaches across different industries and identified the different mix of threats each faces. In its latest report, Verizon notes that 15% of identified breaches in 2017 were related to the healthcare industry. Among the various threat statistics, the report notes that 75% of the attacks are carried out by outsiders, with an alarming 81% using stolen and/or hacked, weak passwords as the dominant attack vector. Within the healthcare sector, insider misuse (i.e., access to data that one is not entitled to as a part of one’s job) is also a significant factor in data breaches. Healthcare data breaches can be malicious (e.g., accessing medical records for sale), driven by simple curiosity, or inadvertent (such as when an employee accesses patients’ PHI from a compromised computer at home or loses a USB stick with PHI).
These statistics identify the need for a stronger form of authentication and authorization for access to healthcare data than is possible with usernames and passwords alone. For a medical provider, a data breach, whether malicious or unintentional, can have serious consequences. The Health Insurance Portability and Accountability Act (HIPAA) requires that healthcare providers ensure that safeguards are in place to protect against any unauthorized disclosure of PHI that is maintained or transmitted electronically. This becomes more burdensome as medical data are increasingly created and accessed by mobile devices. Protecting healthcare IT resources from unauthorized access is, therefore, an essential part of any medical provider’s duties, not just an add-on function. Healthcare data breaches can prove costly in terms of lost reputation and expensive fines for the affected organization.
CyberloQ – Secure Multifactor Authentication
Advanced Credit Technologies’ patent-pending CyberloQ™ technology adds another tool to the healthcare provider’s arsenal to fight unauthorized access to protected resources. Rather than take action after a breach, CyberloQ uses Multi-Factor Authentication (MFA) to proactively ensure that only authorized users, on approved devices, within designated locations can access your HCO’s protected data.
“Always Off” and Setting the Perimeter of Surveillance
CyberloQ-enabled client accounts always remain in an “inactive” state until the account holder uses a mobile device (a smartphone, laptop or tablet) and a PIN as two-factor authentication credentials to access any protected data resource, PHI or PII. Data protected by CyberloQ can be accessed only by those employees or patients who have been registered with the healthcare provider’s CyberloQ-enabled database, such as Active Directory or LDAP. The medical provider also uses CyberloQ’s administrator-defined geofencing capability to ensure that the user/device is within a certain geographic perimeter before access is granted. This location can be as large as a city or, using physical beacons, as small as a room, providing the ultimate perimeter surveillance scalability. Once a user breaches the perimeter of the geofence, the account and all access are automatically disabled. This feature is particularly important in a world where medical data is increasingly accessed via “always-on” active accounts.
Iron Clad Security
We are developing enhancements that add further layers of security to CyberloQ’s current MFA solution by including biometrics for the highest level of access security.
By using CyberloQ’s multi-factor protection technology, HCOs can more than meet HIPAA privacy and security guidelines by ensuring that healthcare data is not accessed from unauthorized locations, on unapproved devices or by unauthorized personnel. Records, essential in case of an audit by the Health & Human Services’ Office for Civil Rights (OCR) for a HIPAA violation complaint, are recorded in a global administrative console that is easily accessible at any time.
Grounded in 30+ years of experience providing domestic and international cybersecurity services for the U.S. government, our CyberloQ™ technology is designed specifically to provide a solution for proactive, real-time control of identity governance to protect an HCO’s patients, information assets and the organization’s brand.