In between the keystrokes of a PC or mobile device and application or browser, exists a wide open vulnerability that puts millions of health records at risk.
The Business Problem
Despite the thousands of dollars healthcare organizations invest in cyber security, the
theft of healthcare data continues to climb. Healthcare information is valued higher than
credit card data on the black market because health records never expire. According to
recent reports, the majority of hacks involve stolen credentials, which are then leveraged
in the initial stages of a healthcare breach in an effort to locate and steal EHR (electronic
health records) and PII (personal identifiable information). Using various phishing
techniques that cause the victim to unknowingly download a keylogger to his or her
device, these passwords can be easily stolen from even the most well-educated clinical
or administrative employee. The keylogger intercepts keystrokes as they travel from the
keyboard to the browser or application and is one of the main components in most
advanced persistent threats. In fact, keyloggers were at the helm of many of the high
profile healthcare breaches of our time including the Anthem breach which stole over 80
million patient records.
Unfortunately, most security protocols do not protect the keystrokes as they travel to the
browser or application. Antivirus can only detect known catalogued malware and since
many zero day keyloggers are polymorphic, they have the ability to change their form
and go on undetected for moths and sometimes years. Each year, healthcare
organizations pay millions in penalty fees for losing EHR (electronic health records) and
PII (personal identifiable information) to hackers. Studies show that breaches cost
America’s hospitals roughly $6 billion a year. With close to 85 percent of healthcare
professionals using the same device for both personal and professional use, the chance
of downloading a keylogger greatly increases.
ACS EndpointLock™ was designed to address the existing and growing intrusion of
keylogger spyware in the PC and Mobile environments. ACS EndpointLock™ patented
keystroke encryption, uses AES 256 encryption and Keystroke Transport Layer Security
(KTLS™) technology in the lowest possible layer in the kernel to protect the endpoint’s
keystrokes from being captured by a keylogger.
Other features include:
• Anti- screen capture and anti-click-jacking
• Can be deployed via Group Policy
• McAfee ePO compatible
• Monitors the kernel and warns of deep level compromise
For safer Wi-Fi transmission of credentials, ask about ACS Protect ID™ Dual Channel
Multifactor Authorization, which separates the credentials and sends the username and
password on different channels.