Three things you need to know about multi-factor authentication
By the end of 2020, 90 percent of large organizations like VUMC will utilize some type of enhanced authentication method to further secure their networks and data. Currently, 59 percent of healthcare institutions are using stronger authentication methods. One type of enhanced authentication method is multi-factor authentication (MFA).
MFA helps protect you and VUMC, or the organizations you do business with, by adding an additional layer of security to the typical username and password. MFA makes it harder for attackers to steal your credentials.
On November 1, VUMC will launch MFA in a limited fashion throughout the organization.
Here are three things you need to know as VUMC deploys MFA for its employees.
You are probably already using MFA
Have you ever gotten a text message on your phone with a code that needs to be entered to login to a system? That's MFA. You know your username and password, but the code contained in the text adds another layer of protection to the authentication process.
If someone steals your username and password but doesn't have your phone, they will not be able to impersonate you and access systems which contain valuable information that they can then sell on the dark web.
Many common services you already use have implemented MFA. Facebook has a "Code Generator". Google has the "Google Authenticator" application. Many banks use MFA to generate codes, or to send text messages to customer cell phones.
The healthcare industry is a big target for cyber attack
Healthcare organizations experience more cyber attacks than other industries. When the attack is successful they tend to lose more data than other types of businesses.
Healthcare information networks include many moving parts. All of this on-demand information is shared by users, departments, and devices that may not be secure.
Cyber-attacks are geared specifically toward these use cases and prey upon simple passwords, trusting end-users, and unsecured Wi-Fi connections to compromise information.
The Medical Center MFA platform adds protection with an extra layer of authentication that makes it much more difficult for an attacker to get what they want and satisfies new state and federal regulations to protect our data.
MFA is already in place at VUMC
MFA is already being used at the Medical Center. Many of our providers are currently using MFA for Electronic Prescribing of Controlled Substances (EPCS).
Yet there are many other types of sensitive and confidential information that must be protected with additional layers of authentication. For instance, applications like C2HR contain sensitive personal and financial information which must be protected against theft and disclosure.
Beginning November 1, 2018, VUMC will implement the Gemalto SafeNet MFA product and its mobile app, MobilePASS, for certain areas of the C2HR system to protect your personal information.
See next week’s article, “Three reasons why VUMC is implementing MFA,” and learn more about this technology.
Visit www.vumc.org/enterprisecybersecurity/MFA for more information about the Medical Center’s MFA solution.
See how MFA fits in with VUMC Enterprise Cybersecurity’s Cybersafe Communication Initiative.