HEALTHCARE

Secure remote access, everywhere
Route1 Secure remote access

The wrong kind of famous

Getting listed on the HIPAA Wall of Shame is the kind of exposure that no organization wants. This U.S. Department of Health website lists healthcare providers who have failed to secure the protected health information (PHI) of 500 or more individuals.

According to the Department of Health’s website, the HIPAA Security Rule “establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.”1

With up to eight breaches listed on the breach report website per day, safeguarding PHI is an ongoing issue in America—especially when you consider that smaller breaches don’t make the list, and that not all breaches are detected.

Secure remote access…without the ‘secure’

When healthcare organizations want to share PHI securely, they typically turn to virtual private network (VPN) technology, which can be effective in keeping data secure. But as with any legacy technology, there are cracks in VPN’s armor.

In March 2020, the U.S. Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency (CISA) issued an alert regarding VPNs. Vulnerabilities that had come to light in a number of popular VPNs over the year previous, coupled with a massive increase in remote workers due to the recent coronavirus, prompted the alert.2

CISA’s alert was prefaced by at least one major cyber incident: an attempted cyberheist in January 2020 in which cybercriminals targeted a vulnerability in the healthcare-focused Pulse Connect Secure VPN. Attempting to deliver REvil ransomware, attackers tried to access the PHI of over 14,500 active VPN users in more than 12 countries, over a third of which were in the United States3. PulseSecure had released a patch to correct the vulnerability in April 2019, yet 9 months later many organizations had still failed to put the patch in place—effectively negating the protection that VPN is supposed to provide.

Route1 Secure remote access
Route1 Secure remote access

Secure remote access…without the ‘secure’

When healthcare organizations want to share PHI securely, they typically turn to virtual private network (VPN) technology, which can be effective in keeping data secure. But as with any legacy technology, there are cracks in VPN’s armor.

In March 2020, the U.S. Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency (CISA) issued an alert regarding VPNs. Vulnerabilities that had come to light in a number of popular VPNs over the year previous, coupled with a massive increase in remote workers due to the recent coronavirus, prompted the alert.2

CISA’s alert was prefaced by at least one major cyber incident: an attempted cyberheist in January 2020 in which cybercriminals targeted a vulnerability in the healthcare-focused Pulse Connect Secure VPN. Attempting to deliver REvil ransomware, attackers tried to access the PHI of over 14,500 active VPN users in more than 12 countries, over a third of which were in the United States3. PulseSecure had released a patch to correct the vulnerability in April 2019, yet 9 months later many organizations had still failed to put the patch in place—effectively negating the protection that VPN is supposed to provide.

Route1 Secure remote access

Access remote data securely, without moving it

The venerable VPN (See What is a VPN) was invented in 1996. Since that time, its basic, intended premise has not changed: move data from A to B (or A to B to C) safely by encrypting it.

True secure remote access, however, involves leaving data in place. Data should be accessed remotely, but not moved. Because as soon as you move data, you vastly increase security risk.

Route1 provides a solution that involves secure remote data access without movement, in active use in the healthcare sector, as well as in the corporate sector and throughout the U.S. Department of Defense. It’s an elegant and highly secure solution that can provide access to the network from inside or outside of the healthcare environment. Since the data doesn’t travel, it does not reside on the device accessing it, which means that those accessing it can use any device. The solution can also leverage existing staff smart cards for two-factor authentication.

If data must move (for any variety of reasons), Route1 is well-rounded enough to have a separate device management server option. With it, enterprise management capabilities that enable administrators to centrally register, block/unblock, revoke, set polices, integrate third party applications for secured access, audit, and “kill” devices remotely—all while capturing activity, informing corrective behaviors; with the highest level of confidence. 

Do more with your data


Securing data, however, is table stakes. It’s the very least that an organization can (and must) do with its data. The real game is making better use of the data you have for efficiency and profit.

Like water and air, data has become a staff of life for the modern healthcare organization. Maintaining terabytes of data and not making use of it for positive results is something that businesses can no longer justify. Making better decisions requires relevant, accessible, secure data, and the more the better. The outcome is superior results, from customer experiences, to employee experiences, to profit.

“Like water and air, data has become a staff of life for the modern healthcare organization.”

If you haven’t yet, it’s high time to transform your data from a liability into an asset. Businesses that have taken charge of their data are already ahead, and recent economic setbacks are widening the gap between those who have and those who have not. Helping organizations to turn data into actions is something that we do very well.

Toughen Up Your Tools

As nurses, doctors, and administrators continue to work the front lines during the COVID-19 pandemic, rugged devices—which can be wiped down for repeat cleanings and survive drops, spills and other hazards of a healthcare setting—are more critical than ever. Monitoring patients, accessing electronic health records, communicating with doctors, and scanning important barcodes come with peace of mind when teams know the equipment can withstand drops and exposure.

Beyond that, Route1 is keenly aware of device vulnerabilities and provides military-grade rugged technology for hospitals, first responders, government and our armed forces that is vulnerability-free. Our services can include pre-deployment planning, deployment project management and installation, and post-deployment maintenance—a full-service solution. We can also combine this with a tailormade device-based analytics program in order to bring further efficiencies to operations.

 

Tablets

Security as a first principle

Five Military Crests

Whether architecting a data analytics solution or managing a custom software integration, Route1 builds technology solutions with security as a first principle. That’s where our organization began and where it continues to excel: we invented data security and user authentication technologies that landed us patents in Canada and the U.S. and technology accreditations (ATOs) with the U.S. Department of Defense. From remote user authentication to a secure remote access solution that delivers their trusted desktop to personnel wherever they are, we help agencies of all kinds deliver military-grade data security.

1Health Information Privacy, U.S. Department of Health & Human Services, HHS.gov

2CISA Warns of Exploitation of Vulnerabilities in VPNs and Campaigns Targeting Remote Workers, HIPAA Journal, March 2020

3Over 14,500 Pulse Secure VPN endpoints vulnerable to CVE-2019-11510, HIPAA Journal, March 2020