Preventing Cyberattacks and Phishing Schemes with Defense-in-Depth Strategies

Strategic Look at Preventing Cyberattacks and Phishing Schemes

It takes about 350 days (yes, nearly a year) for the healthcare industry to identify and contain a data breach, according to a study conducted by the Ponemon Institute and IBM. To reduce the amount of time spent on remediation activities, regulatory inquiries, and litigation in the years following a breach, organizations must have proper security measures in place to prevent cyberattacks from happening in the first place. The study found organizations that use proactive data recovery planning decreased the cost and frequency of data breaches by more than 30 percent. Plus, the consequences of a data breach in healthcare are severe. On average, companies that have business continuity management (BCM) programs saved 44 days in the identification of a data breach, days in the containment of a data breach, and 31 days in recovery from a data breach. 

To fill in security gaps and mitigate cyberattacks such as phishing schemes, two-factor authentication (2FA), also known as multi-factor authentication (MFA), must be utilized on every device that sends and receives PHI. Over the years, phishing schemes have shifted from traditional malware infections into attempts to steal personal information. Two-factor authentication can prevent phishing schemes by requesting a combination of credentials at access points that only the actual patient, doctor, billing operator or pharmacist would know. The combination of credentials can be a strong password accompanied by a personal PIN, or a smart card that is supported by a fingerprint.  

Here at ETHERFAX, security is our main priority and we use multiple defense-in-depth strategies including 2FA, in-network routing, end-to-end encryption, and government mandated regulations to protect sensitive information.  

Advanced Authentication

To maintain the highest possible security, ETHERFAX requires all employees, resellers, integrators, and customers to utilize two-factor authentication when accessing the ETHERFAX portals. We currently utilize Google Authenticator, which is the most widely accepted two-factor authentication application, as well as SMS.

In-Network Routing

The ETHERFAX Secure Exchange Network (SEN) is the world’s largest ecosystem with more than six million connected endpoints. With the ability to route documents to other ETHERFAX peers within the ETHERFAX network, sensitive data is never transmitted through an external telephone network.  

End-to-End Encryption

Encrypting sensitive data renders it useless in the event of a network breach. ETHERFAX SENx utilizes well-defined, end-to-end encryption methods such as those defined in the Elliptic Curve Integrated Encryption Scheme (ECIES) to ensure all communications remain secure between remote client sites and the ETHERFAX network. ETHERFAX SENx guarantees that information is encrypted from the moment it leaves the sending device or application until it is accepted and validated by the receiving party.  

Compliance Certifications

To maintain the highest level of security at all times, our cloud-based fax solutions are SOC 2 compliant, HIPAA compliant, PCI DSS compliant, and will be HITRUST certified in Q2 2019.  

Learn more about our defense-in-depth strategies here 

Paul Banco

As CEO of ETHERFAX®, Banco is responsible for the strategic direction of the company and leads technology development, including the patented ETHERFAX and ETHERFAX SEN intellectual property. Banco helped organizations automate their fax server operations. As a visionary, he identified the need to leverage the cloud for secure document delivery and co-founded ETHERFAX in 2009 with other telecom industry veterans.

Check these out too...