Cybersecurity: Make breaches more difficult

Q. What is multi-factor authentication? 

A. If you’re like one-third of Americans, you’ve gotten a lovely letter from Change Healthcare informing you of what you already know: Your health care data was part of their recent breach and is out in the wild.  

Why did this happen? Andrew Witty, CEO of United Healthcare, Change’s corporate parent, revealed that the root cause of the breach was a lack of multi-factor authentication on a particular service, and that opened the whole organization up to attack.  

You probably use it at least once a week, but don’t realize it. MFA uses two distinct and unrelated ways to prove who you are. Have you used a debit card that required you to insert the card, then enter a secret PIN? That is multi-factor authentication!  

Today, MFA is mostly used for networks by combining a password (which you know) and an interaction with an app installed on your smartphone (which is something you have). For extra points, this can ask for face or fingerprints (which is something you are). If you’ve been around hospital settings, you may also see nurses logging in with a password and by scanning their badge. There are many different ways that this can work with your business process and clinical process. 

Ultimately, the goal of MFA is to make it significantly more difficult for attackers to gain access to your company’s systems in the event that an employee loses their laptop, is tricked by a phishing email, or uses the same password on other sites.  

Here's the best part: Implementing MFA doesn’t need to be expensive. You may already have access to the capability through systems that natively support it. Typically, all that is required is an investment in time and some planning by your IT team. It’s worth it; even for your personal accounts!

Brandon Potter is chief technology officer at ProCircular. Reach him at bpotter@procircular.com.