Practice Cybersafe Communication – Part 2 of 3

Four reasons why VUMC is implementing MFA

Vanderbilt University Medical Center (VUMC) has a strong desire to protect its data as well as your personal information. The implementation of a Multi-factor Authentication (MFA) tool at VUMC will establish a foundation for more secure, protected environment.

Not only will the implementation of MFA protect your personal information and VUMC data, it will also create additional layers of security to satisfy regulatory requirements, as well as protect against current cyber threats and incidents, such as phishing attacks.

Below you will find background information on the four reasons VUMC needs MFA to enhance our cybersecurity:

To protect your personal information

MFA Blog 2 pic 1.jpg

VUMC wants to help you protect your personal information. Beginning November 19th, you will be required to enroll in MFA to:

  • Make changes to your payroll information
  • Change your personal information like your home address
  • Access tax information like W-2s and tax status

Because we are committed to the protection of employee information, we are requiring the use of MFA to access this personal confidential information.


The current threat environment

MFA Blog 2 pic 2.jpg

  VUMC experiences 400 to 500 million attacks on our network per year.

  While nearly all of these attacks are repelled, there are occasional successful attacks that can have a significant impact on operations.

  The cyberattacks directed at VUMC continue to become more complicated.

  They generally target trusting employees like you, which leads to the third reason VUMC is implementing MFA.



Continued employee susceptibility to cyber attacks

MFA Blgo 2 pic 3.jpg

During a phishing test conducted by VUMC Enterprise Cybersecurity in the spring of 2018, a large number of employees clicked on links or gave their credentials to what could have been a malicious attacker.

Many VUMC employees clicked on a link that could have exposed our sensitive data.

While you will see continued training regarding phishing, the additional layer of security that MFA provides makes the traditional username and password access ineffective for attackers.


To satisfy regulatory requirements

MFA BLog 2 pic 4.jpg

The Commission on Enhancing National Cybersecurity, a newly formed Federal committee, recently created the Cybersecurity National Action Plan (CNAP). This committee is tasked with making all government websites and transactions secure and

specifically named MFA as a means to create that security. The CNAP is just one of hundreds of federal, state and local agencies

that are tuned into the cyberlandscape and trying to protect your personal information.

VUMC has the added complexity of regulatory requirements related to healthcare.  The healthcare industry continues to see a growing need to improve security surrounding PHI and employee information.

MFA satisfies regulatory requirements, protects our data and ensures the safety of your personal information. See the VUMC policy on the Use of Mobile Devices to Conduct VUMC Business.


Enhanced user authentication like MFA is particularly important when it comes to basic access to VUMC systems and is even more important in preventing fraud and ensuring secure payment initiatives like your paycheck. See our article next week, “Three ways VUMC is making MFA easy for you.”

Visit for additional information about MFA and download the MFA Information Sheet and post it in your area.