Thycotic helps protect patient data, safeguard against malware attacks, and demonstrate HIPAA compliance

WHAT’s the challenge

To meet the Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements, healthcare organizations must maintain a secure IT environment that restricts access to digital medical records and protected health information (PHI).

WHY it’s important

Failure to properly safeguard patient privacy and data can be very costly to healthcare institutions, with recent high-profile penalties ranging from hundreds of thousands to millions of dollars.

HOW we solve it

Thycotic provides comprehensive Privileged Access Management and Security solutions that secure privileged account passwords and lock down applications, endpoints, and OS configurations to help healthcare organizations secure patient data and demonstrate HIPAA compliance.

Citing data from the Office for Civil Rights…more than 155 million Americans have had their medical information exposed without their permission since 2009. This stems from approximately 1,500 breach incidents.

– HealthITsecurity.com, May 06, 2016

Meeting the HIPAA Security Rule for IT

With digital medical records, patient online portals, and other electronic methods of healthcare data management, maintaining a secure network is critical to meeting the Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements. HIPAA’s security requirements are made up of several technical security measures, which require covered entities to maintain reasonable safeguards for protecting electronic protected health information (PHI).

To protect patient data, IT teams need to take a comprehensive approach to network security in addressing both external and internal threats through:

  • Defensive measures like firewalls, encryption, anti-virus software, and regular testing.
  • Tracking user activity and knowing who is doing what and when, especially for network systems.
  • Limiting or restricting user access to various file systems, servers, and other network equipment.
  • Establishing strong policies for password security, including password complexity and requirements for frequent rotation.


Focus on protecting privileged IT accounts

IT accounts, such as IT admin accounts or application/service accounts, each grant a specific level of access on the network. Typically, IT teams share these credentials amongst themselves to gain access to equipment and services as needed. This makes it very difficult to know exactly who is accessing which device and to restrict access amongst IT staff. In addition, healthcare organizations can have hundreds, if not thousands, of privileged accounts, each with its own password. To maintain proper security and help demonstrate compliance, healthcare IT departments need to automate the management and enforcement of privileged account credential security.

Thycotic helps close the gap between compliance and a secure IT environment

While HIPAA has standards such as access control, authentication procedures, transmission security, and audit control to protect PHI, these compliance standards do not necessarily cover the local IT admin accounts or domain accounts that access and run dependencies on machines storing or interacting with the PHI. HIPAA does not mandate how entities should manage access to and rotation of these accounts, and the Department of Health and Human Services’ (HHS) research has shown an increase in malicious targeting of healthcare IT systems. Targeted attacks such as ransomware take advantage of the 243 days that HHS found it takes for most HIPAA-compliant environments to detect malicious activities.

Thycotic’s Secret Server is a solution for closing the gap between meeting compliance mandates and making your technical environment truly secure. Secret Server Password Management Software manages the availability, rotation, and integrity of privileged accounts that allow access to electronic Protected Health Information.

Thycotic Secret Server creates a centralized, encrypted location for password storage, the ability to restrict access by role, full auditing of credential usage, and automatic password changing. Add a custom security policy to Secret Server to automatically change passwords at required times, enforce password length and complexity requirements, and ensure sensitive systems maintain a high level of access control and oversight over privileged accounts. Those are just a few features in Secret Server that are able to protect access to your e-PHI data as well as ensure that your company is meeting HIPAA Security Rule requirements.

These are nervy times for HIPAA covered entities, and now more than ever, it is essential that those responsible for safeguarding PHI take time to understand the details of the HIPAA Privacy, Security and Breach Notification rules.

– HealthITsecurity.com, April 28, 2016

Endpoint security for

Protect endpoints from malware and secure users with Least Privilege Access

Local administrator rights have become a necessary evil in healthcare network environments. Because of the unfettered access these rights provide, administrator accounts and privileges are one of the most common targets of hackers and cyber-criminals. Once gained, administrator privileges allow an attacker to install malware, steal information from the system, compromise other systems, and stage additional attacks against domains, servers and other devices within the network. Limiting access to administrator rights, however, presents challenges that impact your trusted users since legitimate software often requires administrator rights to be properly installed.

Fortunately, Thycotic offers easy-to-manage and simple tools that can help you mitigate these risks by promoting a Least Use Privilege strategy for all users on all your Windows endpoints. Thycotic Privilege Manager for Windows, for example, enables organizations to limit the need for providing Administrator rights to end users, business users and IT admins while providing a flexible and dynamic framework for allowing safe, trusted software to be installed as required. This means that malicious software can’t be installed, even accidentally, protecting your systems from a variety of the most common hacker attacks.

Adhering to this Least Use Privilege strategy allows organizations to mitigate the risk from over 90% of the Critical-rated vulnerabilities from Microsoft for Windows and reduces the ability for hackers to infiltrate and attack these target systems.

Thycotic helps you lock down Windows applications, endpoints, and OS configurations

Healthcare organizations today need to lock down desktops and stop malware and ransomware attacks that can have devastating and costly consequences. That means removing IT admin privileges from most users to lower risk, and limiting privileges for IT admins to improve security. The powerful combination of Thycotic’s endpoint security tools helps ensure you can stop malware attacks at the endpoint to limit an attacker’s ability to move beyond their initial point of entry.

Stop exploits such as malware and ransomware at the endpoint

Thycotic provides comprehensive endpoint privilege management and security solutions that:

  • Assure least privilege application control.
  • Enable administrative user group management.
  • Demonstrate security compliance and automated remediation.

Get your FREE Discovery Tools to assess your privileged account and endpoint risk.

No cost. No kidding. It’s FREE forever!

  • Thycotic Active Directory Service Accounts Discovery Tool
  • Windows Discovery
  • Endpoint Discovery
  • UNIX Discovery