THE MISSING LINK In Healthcare Security Protocol

In between the keystrokes of a PC or mobile device and application or browser, exists a wide open vulnerability that puts millions of health records at risk.

The Business Problem

Despite the thousands of dollars healthcare organizations invest in cyber security, the theft of healthcare data continues to climb. Healthcare information is valued higher than credit card data on the black market because health records never expire. According to recent reports, the majority of hacks involve stolen credentials, which are then leveraged in the initial stages of a healthcare breach in an effort to locate and steal EHR (electronic health records) and PII (personal identifiable information). Using various phishing techniques that cause the victim to unknowingly download a keylogger to his or her device, these passwords can be easily stolen from even the most well-educated clinical or administrative employee. The keylogger intercepts keystrokes as they travel from the keyboard to the browser or application and is one of the main components in most advanced persistent threats. In fact, keyloggers were at the helm of many of the high profile healthcare breaches of our time including the Anthem breach which stole over 80 million patient records.

Unfortunately, most security protocols do not protect the keystrokes as they travel to the browser or application. Antivirus can only detect known catalogued malware and since many zero day keyloggers are polymorphic, they have the ability to change their form and go on undetected for moths and sometimes years. Each year, healthcare organizations pay millions in penalty fees for losing EHR (electronic health records) and PII (personal identifiable information) to hackers. Studies show that breaches cost America’s hospitals roughly $6 billion a year. With close to 85 percent of healthcare professionals using the same device for both personal and professional use, the chance of downloading a keylogger greatly increases.

The Solution

ACS EndpointLock™ was designed to address the existing and growing intrusion of keylogger spyware in the PC and Mobile environments. ACS EndpointLock™ patented keystroke encryption, uses AES 256 encryption and Keystroke Transport Layer Security (KTLS™) technology in the lowest possible layer in the kernel to protect the endpoint’s keystrokes from being captured by a keylogger.

Other features include: • Anti- screen capture and anti-click-jacking • Can be deployed via Group Policy • McAfee ePO compatible • Monitors the kernel and warns of deep level compromise For safer Wi-Fi transmission of credentials, ask about ACS Protect ID™ Dual Channel Multifactor Authorization, which separates the credentials and sends the username and password on different channels.