
The Lockdown

Thycotic’s Cyber Security Blog

HIPAA: Closing the Gap between Being Compliant and Being Secure with Secret Server

Written by Ashley Allen

April 26th, 2016

With digital medical records, patient online portals, and other electronic methods of healthcare management, maintaining a secure network is critical to meeting the Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements. HIPAA’s security requirements are made up of technical security measures, which require covered entities to maintain reasonable safeguards for protecting electronic protected health information, most commonly known as e-PHI.

The safeguards include standards such as access control, authentication procedures, transmission security, and audit control. All of these were created and are implemented with e-PHI in mind, but not necessarily the local accounts or domain accounts running dependencies on the machines that store or interact with the e-PHI. Without HIPAA mandating how entities should manage access and rotation of these accounts, the Department of Health and Human Services’ (HHS) research has shown an increase in malicious targeting of the healthcare system. Targeted attacks such as ransomware take advantage of the 243 days that HHS found it takes for most HIPAA compliant environments to detect malicious activities. These types of security vulnerabilities have led to the number of Americans affected increasing from 7.4 million in 2014 to 41 million in 2015.

Thycotic’s Secret Server is a solution for closing the gap between meeting compliance mandates and making your technical environment truly secure. Secret Server Password Management Software manages the availability, rotation, and integrity of the privileged accounts that allow access to electronic Protected Health Information (e-PHI). The tool provides a centralized, encrypted location for password storage, the ability to restrict access by role, full auditing of credential usage, and automatic password changing. Add a custom security policy to Secret Server to automatically change passwords at required times, enforce password length and complexity requirements, and ensure sensitive systems maintain a high level of access control and oversight over privileged accounts. Those are just a few of the features in Secret Server that protect access to your e-PHI data and help ensure that your company is meeting HIPAA Security Rule requirements.

Want to learn how Secret Server can also protect against ransomware attacks? Find out how to protect healthcare systems by eliminating ransomware’s ability to install on your network, keeping your healthcare systems running so your healthcare teams can make time-sensitive health decisions for your patients. Download the healthcare ransomware white paper today.