Vanderbilt leverages multi-factor authentication

Faced with mounting phishing attacks, Vanderbilt University Medical Center is implementing multi-factor authentication for online access to data.

According to VUMC, cybercriminals have been launching email scams against the Nashville, Tenn.-based healthcare organization to steal employee login credentials. Data held by human resource departments is often the target of these attacks—in fact, it’s become almost a daily occurrence for someone at Vanderbilt to receive a phishing email.

VUMC-CROP.jpg
Vanderbilt Medical Center Campus photos, summer 2014 ( Daniel Dubois / Vanderbilt University)

Also See: Vanderbilt issues warning about email spoofing, phishing attacks

“When a phishing attack on an employee succeeds, the hacker might go first to the human resources system to get the employee’s bank account information (on file to allow automatic deposit of paychecks) and Social Security number,” warns VUMC’s Enterprise Cybersecurity group.

However, starting on November 19, multi-factor authentication will be required when users of C2HR (the HR self-service portal) try to access their direct deposit information, tax information or personal profile.

“MFA allows for an extra layer of security when you want to access certain VUMC resources and protects your data and the data of our patients from cyber attackers,” according to the organization’s Enterprise Cybersecurity unit.

The multi-factor authentication capability will be provided by an app called Gemalto’s SafeNet MobilePASS that can be downloaded to most mobile devices. For those C2HR users who do not have a mobile device, they can request a hard token with a digital readout for display of authentication codes.

While multi-factor authentication is already in effect at VUMC for electronic prescribing of controlled substances, over the coming months, additional systems at the organization will begin instituting this “cybersafe communication” to keep patient and confidential information secure.

“We’re beginning the switch to broad use of multi-factor authentication as an important new safeguard for our employees and our enterprise,” said Andrew Hutchinson, executive director of VUMC’s Enterprise Cybersecurity, in a written statement. “Security attacks are unrelenting, and we view MFA as a vital and necessary addition to VUMC’s enterprise cybersecurity program.”

For reprint and licensing requests for this article, click here.