If “Whatever doesn’t kill you makes you stronger” applies to 2021, Healthcare as an industry should certainly emerge more robust.
The industry faced employee shortages, reputational attacks, and the formidable challenges of administering care in new and agile ways during a pandemic. And if that wasn’t enough, it was pummeled by a flurry of devastating data breach punches as well.
In fact, 2021 now holds the dubious distinction of being the worst year ever for healthcare data breaches, with 686 beating out last year’s record of 642.
That’s almost 45 million healthcare records that were exposed or stolen, with nearly three-fourths (73.9%) of the breaches coming from hacking or other IT incidents.
Leading the pack was the Accellion File Transfer Application (FTA) ransomware hack, with 3.51 million individuals impacted. The attack highlighted the risks implicit in leveraging legacy technology while failing to patch known security gaps.
Such is the bad news from 2021. In the face of it all, you might be feeling that a cynical, “Trust No One” approach is warranted.
Yet a moment’s reflection will show how in fact you do trust things and people and devices all the time: the chair you’re sitting on right now; the alarm clock that woke you up this morning (twice); the vehicle that moves you from point A to point B (well, usually).
In truth, we’re all compelled to put our faith (aka, trust) in something and someone, based on factors that are primarily outside of us: the person or object’s trustworthiness, reliability, and overall performance. So we do.
And yet. We’re not naive.
That’s because along with potential technology failures, we know malice exists in the human heart. Do we dare call purveyors of Killware evil? Why not?
Even so, we know that no one – not even a hacker – likes to be stolen from – which implies that there’s something deeply written on every conscience, a universal sense of something better.
…Yet, You Verify
And that’s where the use of “zero trust” does make sense. It gives credence to possible failure and harm scenarios in order to protect the good.
It takes seriously that, as we’ve said before, hackers are super smart (even if not wise, or good).
Driven by greed or pride, they’ll do almost anything to enter your system and wreak havoc. (A new trick for them is to exfiltrate your data and threaten to publish it – not just encrypt it for ransom – in order to receive an even bigger payout.)
By the way, keep in mind that the easiest way for them to enter is (still) by cracking your password. That’s all it took for the staggering Colonial Pipeline attack last May – a single, compromised password.
So we verify. We employ zero-trust on sign-ons and system-wide precisely because we know how quickly things can go south.
And because we care about patients and your ability to continue care, we’re sworn protectors (under HIPAA) against malicious forces, and anything that will impact data availability.
2FA in all our Solutions
So whether it’s hosting your new telehealth platform in 2022, or securing your exciting new healthcare app, HIPAA Vault’s compliant cloud and 24/7 managed security have solutions to keep you secure and growing.
Take securing your WordPress site, for example.
Wise practice is to always avoid a single-point-of-failure situation. Yet standard WordPress uses a single-factor sign-on, requiring you to enter only one username/password combination.
You might think you’re safe with a strong password, yet if anyone were to steal these credentials, they’d have full access to breach your data, install malware, and/or completely disable your site.
Implementing Two-Factor Authentication (2FA) increases your level of trust by adding an extra layer of security to the sign-on process: in addition to your password, you must enter a one-time passcode (OTP).
This OTP can be conveniently delivered to your smartphone (Android or iPhone) by SMS or email. This way, even if someone did acquire your password, they could not gain access to your site without the OTP – and the code disappears after about 30 seconds.
Two-Factor Authentication strengthens security as well by helping to repel brute force attacks.
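As an added illustration (not HIPAA Vault's or WordPress's own code), here is how the server side of a delivered one-time passcode can enforce the properties described above: short lifetime, single use, and a cap on wrong guesses. The 30-second lifetime comes from the text; the six-digit length, five-attempt limit, in-memory store and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 30   # lifetime from the article's "about 30 seconds"
MAX_ATTEMPTS = 5       # assumed cap on wrong guesses per issued code


def _digest(code):
    # Store only a hash so a leaked session store does not reveal live codes.
    return hashlib.sha256(code.encode()).digest()


def issue_otp(store, user, now=None):
    """Create a fresh 6-digit code for `user`; any older code is replaced."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not the random module
    store[user] = {"hash": _digest(code),
                   "expires": now + OTP_TTL_SECONDS,
                   "fails": 0}
    return code   # hand to the SMS/e-mail sender; never write it to logs


def verify_otp(store, user, code, now=None):
    """Return 'ok', 'invalid', 'expired', 'locked' or 'no_challenge'."""
    now = time.time() if now is None else now
    entry = store.get(user)
    if entry is None:
        return "no_challenge"
    if now > entry["expires"]:
        del store[user]
        return "expired"
    # Constant-time comparison avoids leaking how much of the guess matched.
    if hmac.compare_digest(entry["hash"], _digest(code)):
        del store[user]            # single use: replaying the same code fails
        return "ok"
    entry["fails"] += 1
    if entry["fails"] >= MAX_ATTEMPTS:
        del store[user]            # burn the code; the user must sign in again
        return "locked"
    return "invalid"
```

With these limits, someone who already holds the password gets at most five guesses out of a million per issued code, which is what makes guessing the second factor impractical.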
But if security configurations and monitoring aren’t something you want to worry about (and why would you?), HIPAA Vault offers a fully managed, HIPAA compliant publishing platform called HIPAA WordPress, designed to handle all this for you.
We’ll transfer your existing WordPress web content to a new, secure site, along with up to 2 databases, and you can choose from any of our customizable healthcare templates.
HIPAA Vault also provides a Business Associate Agreement (BAA), a HIPAA Compliance logo for display on your website, and 24/7 live technical support.
Increasing your Trust
So, it makes sense – in healthcare data security especially – to trust someone who is willing to question even themselves, to put safeguards in place to protect against human error, and human evil. In that sense, HIPAA Vault’s “Trust no one” approach is actually a way to increase your trust.
So here’s to a happy, healthy, and more trusting New Year!
HIPAA Vault is a leading provider of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times. In addition, HIPAA Vault provides secure email and file sharing solutions to improve patient communications. For more information, please visit our website at www.hipaavault.com.