Yesterday, MedStar Health, one of the largest providers of medical services in the Washington D.C. area, announced that its computer network was infected with a virus. MedStar decided to shut down “all system interfaces to prevent the virus from spreading”. As of this writing, its computer systems remain offline for a second day.
Last month, Hollywood Presbyterian Medical Center, a Los Angeles-area hospital, announced that it had its computer systems locked down with ransomware and decided to pay the ransom.
These healthcare providers are not alone. The U.S. Department of Health and Human Services maintains a public listing of breaches of healthcare records. A quick glance shows how common breaches occur in the healthcare industry. And this is just for breaches actually reported to the department and only relates to the U.S.
With two-factor authentication solutions such as GreenRADIUS, healthcare providers can add a strong and affordable layer of security to electronic patient health records.
Not only does two-factor authentication make practical sense from a security perspective, but compliance is a factor as well. One of the requirements under HIPAA is for covered entities and business associates to “implement procedures to verify that a person or entity seeking access to electronic protected health information (EPHI) is the one claimed”. One risk management strategy specifically cited by the Department of Health and Human Services is to “implement two-factor authentication for granting remote access to systems that contain EPHI” (Remote Use, HIPAA Security Guidance, HHS.gov).
To learn more about how GreenRADIUS can help, contact us at firstname.lastname@example.org.