By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
What Is MFA?
Multi-Factor Authentication, or as it has become commonly known, MFA, is the practice of “doubling down” on your login security. You are using Multiple (more than one) Factors (ways or methods) to Authenticate (verify) your identity when you access an account. When you hear the term 2FA, this means that you need two factors to authenticate or verify your identity.
For example, you’ll often log in to an account and receive a code via text that you then input to complete the login process. This is MFA in action. You have entered your username and password, and the texted code then serves as a second form of verification that adds more security. It works because the code is sent to an identifying record that is very specific to the user: your mobile phone number.
But My Office Only Has a Few Employees
Yes, it can seem frustrating at first to have to continually log in (and log out), with an added authorization step, to access the same devices you use repeatedly. But consider how easily one inappropriate or unauthorized login to a business account could debilitate an organization when it comes to cybersecurity and HIPAA compliance. And, in many instances, a security incident involving unauthorized account access could be avoided if multi-factor authentication were enabled.
MFA is there to protect not only your patients’ data, but also you. How? If a device or machine can be easily logged into with a stored or saved username and password, the potential damage can be linked to that user ID, and what if that ID is yours? It seems unlikely that any employee would want to be accountable for the actions of others. Additionally, changes or modifications to information would not be traceable if something needed to be undone or linked to an individual. The HIPAA Security Rule establishes standards for healthcare covered entities and their business associates that include physical, technical, and administrative safeguards within a business, with MFA being part of that discussion.
Do You Need MFA?
So, when it comes to the question of whether you need to implement multi-factor authentication, we would highly encourage you to do so. Aside from the benefits of protecting your accounts from unauthorized access, there are other reasons to consider implementing MFA. For example, some cyber insurance carriers now require security safeguards, including multi-factor authentication, as a condition of coverage. And don’t just protect your accounts in the office! Implement MFA on your personal accounts, and encourage your family and friends to do the same to protect their sensitive personal information as well.
This article was originally published on HIPAA Secure Now! and is republished here with permission.