HIPAA Plugins for WordPress – Part 2 – Wordfence
By Gil Vidals, HIPAA Blog, Resources

One of the clear lessons of our recent pandemic has been that an invisible virus can do great harm to a body, if only given a “portal” through which to enter. The “attack vectors” are varied, if not deceptive: airborne, on surfaces, and even by those who show no symptoms.

Fortunately, we’ve learned firsthand how the vigilant use of protections – while not a guarantee – does help limit transmission, keeping us and our communities safer.

The same holds true, of course, for a computer virus; and like the infectious diseases that seek human hosts, it’s not just one we’re fighting – it’s many. HIPAA Vault is on the frontline, committed to fighting these common and novel viruses to keep you safer. Our newest solution, a cost-efficient, HIPAA compliant platform for WordPress, offers layers of protection for the private health information of patients who could be seriously impacted by a breach.

Why You Need it

You’re probably familiar with WordPress publishing; it is, after all, the most popular CMS in the world. Unfortunately, its popularity, numerous themes, and many plugins give hackers an abundance of targets. Securing your WordPress website simply isn’t optional – especially if it handles patient data.

Configuring your WordPress site for HIPAA compliance, however, can be challenging; it’s important to know what you’re up against. A HIPAA compliant cloud infrastructure that meets the standards of the HIPAA Security Rule is vital. (Our free checklist can help you see what else is required for compliance.) Another means of helping to secure your WordPress site – in addition to two-factor authentication, which we discussed in part 1 – is to utilize a robust security plugin. An excellent choice for this is Wordfence.

Let’s take a look at what this helpful plugin can provide:

Powerful Firewall

As noted, it’s largely the prevalence of WordPress sites worldwide that has made them a popular target for hackers. A Web Application Firewall (WAF) that’s specifically designed to keep pace with the ever-evolving attacks directed at WordPress is therefore invaluable for a healthcare site. That’s what Wordfence offers – and it’s free.

The Wordfence WAF goes into operation as soon as your site starts up, blocking harmful code that is designed to run when plugins and themes are initialized. The attacks it blocks include SQL Injection, Cross Site Scripting (XSS), Malicious File Uploads, Directory Traversal, and more.

Wordfence also keeps updating the “Firewall Rules” that identify these malicious patterns and vulnerabilities, so you’re always getting the latest protections. (A premium version is available for real-time protections; the free version applies all updated protections within 30 days.) Regular reports are sent to you as well so you can track all changes.

Threat Defense Feed

Traffic requests to your site will always consist of good and bad URLs. Wordfence helps screen out the malicious, or “blacklisted,” ones before they do damage, allows you to block spammers/hackers from particular countries, and automatically recognizes common attack patterns. Brute-force (login) attacks are also prevented with Wordfence.

Your admins will also have the flexibility to create “whitelists” for URLs that may initially be blocked as suspicious, but may actually be acceptable requests to your site. (Note: The firewall must be set to “Learning Mode” to do this, though care must always be taken as this can allow certain complex attacks.) Two other status modes are available for the firewall, so you have options: Enabled and Protecting, and Disabled.

Daily Scanning

Remaining vigilant against attacks and identifying potential problem spots on your site is key to security, as well as to your peace of mind. Wordfence will perform daily scans of your site to do just this. If anything is amiss, either in any of your files or in a plugin that needs updating (a frequent cause of breaches), you will be alerted, so you can take action before trouble occurs.

Login Security

We’ve mentioned two-factor authentication previously. Wordfence actually includes settings for two-factor authentication (2FA) and reCAPTCHA (accessible for administrators from the Wordfence dashboard), to provide extra layers of security for those who would access your site.

An authenticator app on your smartphone (such as Authy or Google Authenticator) is necessary to utilize 2FA. You also have the option to whitelist your own IP and bypass 2FA if you’ll always be accessing your WordPress administrative dashboard from the same IP.

Choose HIPAA Vault

If all of this seems daunting, HIPAA Vault can provide you with a fully managed, cost-effective, and HIPAA compliant publishing platform for WordPress that gives you all this and more.

We’ll transfer your existing WordPress web content to a new, secure site, along with up to 2 databases. Our layers of security include advanced threat detection and mitigation, scanning, and backups. We also provide the most recent version of MySQL and PHP (two components vital to running WordPress), audit controls to log site access for any activity that involves ePHI, and configuration of sFTP for secure updates.

You can also choose from any of our customizable healthcare templates. HIPAA Vault provides you with a Business Associate Agreement (BAA), a HIPAA Compliance logo for display on your website, and 24/7 live, technical support. Above all, we keep your important healthcare data safe and available.

Questions about HIPAA Compliant WordPress? Give us a call (760-290-3460), or visit us at www.hipaavault.com.

HIPAA Vault is a leading provider of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times. In addition to HIPAA Compliant WordPress, HIPAA Vault provides secure email and file sharing solutions to improve patient communications. For more information, please visit our website at www.hipaavault.com.

Gil Vidals is the president and CTO of HIPAA Vault. He is a passionate subject matter expert on HIPAA compliance and the healthcare cloud, and co-host of the HIPAA Vault podcast. Since 1997, Gil’s mission has been to provide uncompromising and affordable HIPAA compliant hosting solutions to commercial and government clients, helping protect their sensitive health information from data breaches and security vulnerabilities. HIPAA Vault has been recognized as an Inc. 5000 company and a Clutch Top B2B company. He can be reached on LinkedIn.