Cybersecurity Awareness: Multi-Factor Authentication
As a HIPAA-covered organization or business associate, you should set basic safeguards around your electronic protected health information (ePHI) so that it stays private and secure. Therefore, to celebrate National Cybersecurity Awareness Month (NCSAM), we will continue to focus on the basics of security. The last post covered patch management tips and showed how failing to patch software can lead to a major breach. Multi-factor authentication (MFA) is another important safeguard you can easily use to secure your data.

What is Multi-Factor Authentication?

MFA means proving your identity with two or more credentials of different types before you can access your information. The three types of credentials are:

  1. Something you know, or “knowledge factor.” You enter a password, passcode, or passphrase that only you know (Helpful Hint: don’t leave it on a sticky note).
  2. Something you have, or “possession factor.” You use a physical key, keycard, or token issued only to you, often together with a personal identification number (PIN) assigned only to you. Note that the PIN itself is a knowledge factor; it is the card or token in your hand that supplies the possession factor.
  3. Something you are, or “inherence factor.” You use a biological trait to identify yourself, such as a fingerprint, hand geometry, a retina or iris pattern, or your voice.

Requiring more than one type of credential is a far stronger way to verify that a person is allowed to access ePHI than any single credential. If someone steals your keycard, they still can’t get into the system because they don’t know your passcode.

In short, multi-factor authentication adds layers to the process of accessing private information. Because it is easy to adopt and reliable, you should use MFA on every device and system that handles ePHI. For more NCSAM security advice, see this short list of tips from the U.S. Department of Health and Human Services.
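The following is an added illustration of the layering described above, not code from this post or from HIPAAtrek. It checks a knowledge factor (a password stored as a salted PBKDF2 hash) and a possession factor before granting access. Where the post uses a physical keycard as the possession factor, this example goes one step further and uses a time-based one-time code (TOTP, RFC 6238) of the kind an authenticator app generates, because that is the form most ePHI systems actually deploy. The user record, password and timestamps are constructed; the TOTP seed `12345678901234567890` is the published RFC 4226/6238 test vector, not a real secret, and the PBKDF2 round count is an assumption to tune for your own hardware.

```python
"""Two-factor login check: password (something you know) plus a TOTP code
(something you have). Added illustration with constructed data."""
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ROUNDS = 100_000  # assumption: raise to your hardware's budget in production


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of 30-second steps elapsed."""
    return hotp(secret, int(at_time // step), digits)


def make_user(password: str, totp_secret: bytes) -> dict:
    """Enrollment: keep a salted PBKDF2 hash (never the password) and the TOTP seed."""
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret,
        "last_counter": -1,  # highest time-step counter already accepted (replay guard)
    }


def check_password(user: dict, password: str) -> bool:
    """Knowledge factor: constant-time comparison of the recomputed hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, user["pw_hash"])


def check_totp(user: dict, code: str, now: float, step: int = 30, window: int = 1):
    """Possession factor: accept the current step or one step either side (clock drift),
    but never a counter at or below the last one used, so a captured code cannot be
    replayed. Returns the matching counter, or None."""
    current = int(now // step)
    for counter in range(current - window, current + window + 1):
        if counter <= user["last_counter"]:
            continue
        expected = hotp(user["totp_secret"], counter).encode()
        if hmac.compare_digest(expected, code.encode()):
            return counter
    return None


def authenticate(user: dict, password: str, code: str, now: float = None) -> bool:
    """Grant access only when BOTH factors pass. Both are evaluated every time so the
    response does not reveal which one failed (a stolen token alone is not enough)."""
    if now is None:
        now = time.time()
    pw_ok = check_password(user, password)
    counter = check_totp(user, code, now)
    if not (pw_ok and counter is not None):
        return False
    user["last_counter"] = counter
    return True


if __name__ == "__main__":
    # Constructed enrollment and login attempt, timestamps fixed for reproducibility.
    seed = b"12345678901234567890"  # RFC test vector, not a real seed
    record = make_user("correct horse battery staple", seed)
    print("code alone:", authenticate(record, "wrong password", totp(seed, 59), now=59))
    print("both factors:", authenticate(record, "correct horse battery staple", totp(seed, 59), now=59))
    print("same code replayed:", authenticate(record, "correct horse battery staple", totp(seed, 59), now=89))
```

The design point worth noticing is that the possession factor is checked even when the password is wrong, and the password is checked even when the code is wrong: a login endpoint that short-circuits after the first failure leaks, through its timing, which factor an attacker still has to obtain. Tracking `last_counter` closes the other common gap, where a one-time code that was phished or shoulder-surfed remains usable for the rest of its 30-second window.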

Furthermore, to help you and your team manage security compliance, HIPAAtrek sends automatic reminders about login monitoring, password management, and malicious software. Learn more about how HIPAAtrek can help you simplify your HIPAA compliance program.
