Good Time to Take Stock of Your Authentication Methods
I’m sure almost everyone has heard that when buying real estate the three most important factors to consider are “location, location, location.” When it comes to data security, one could say the three most important factors to consider are “authentication, authentication, authentication.”
In its November 2016 cyber newsletter, the Office for Civil Rights (OCR) disclosed that some of the many data breaches that have occurred in the healthcare sector were due to “weak authentication.” As the healthcare sector continues to be a top target for cyber-attacks, OCR advises that all healthcare organizations should perform a risk analysis to determine whether proper methods of authentication have been implemented.
Deploy “Reasonable and Appropriate” Authentication Methods
Remember, HIPAA requires covered entities to select healthcare authentication measures that are “reasonable and appropriate” for their normal operations and security requirements. The OCR newsletter lists certain types of authentication methods, like single-factor and multi-factor. According to OCR, healthcare organizations tend to use single-factor methods such as “login passwords or passphrases to access information.”
bTrade Can Help Address Authentication Needs
If you are a healthcare organization and want to determine whether you have implemented proper authentication measures, contact us at firstname.lastname@example.org to schedule a free consultation with a bTrade authentication expert. He or she will assist you in finding an authentication method that is “reasonable and appropriate” considering your organization’s size, complexity, technical infrastructure, hardware, and software security capabilities.
In addition, you may want to consider bTrade’s TDMedXchange software solution because authentication is just one of many features that a healthcare organization could use to help prevent a data breach and ensure compliance with HIPAA requirements. The authentication requirements in TDMedXchange are fully customizable and include features such as:
- Virtual Keyboard to thwart keystroke loggers
- Strict password settings
- One Time Passwords
- Customizable password length, lockout, history, age, include/exclude characters, etc.