Imprivata has released the latest versions of its customer and vendor privileged access management solutions. This release includes significant back-end updates, front-end enhancements, and improvements to the Nexus, providing even greater security, control, and visibility. 

For the last two decades, Imprivata Customer Privileged Access Management (formerly SecureLink Customer Connect) and Imprivata Vendor Privileged Access Management (formerly SecureLink Enterprise Access) have provided customers with the simple, smooth, and secure connectivity they need. The latest release continues that story, with back-end updates to enhance connectivity, additional administrator capabilities, and Nexus updates to facilitate even more seamless connectivity between organizations and vendors.

Back-end updates

Back-end updates may not be the flashiest technological advancements to talk about, but they ensure our customers continue to experience the seamless connectivity and security they have come to expect from Imprivata, as well as new capabilities and refinements. The 24.1 releases of Imprivata Vendor Privileged Access Management (VPAM) and Imprivata Customer Privileged Access Management (CPAM) include enhancements to the back-end architecture that streamline how vendors make connections. These changes improve how quickly vendors can connect to provide support to their customers.

Front-end updates

The latest solution updates offer even greater control and visibility over access. Administrators can more easily and precisely extract and analyze the information they need from the admin log by filtering and exporting data. This information helps them answer questions from internal stakeholders, and provides detailed information to auditors.

Organizations using VPAM gain additional information about vendor access by configuring required, customizable fields that vendor users must complete before they’re granted access to specific applications. This customizable step not only provides admins with additional context about access and users, but also supplies data valuable to highly regulated organizations that need to supply this kind of user information to auditors.

Finally, the user interface (UI) now reflects updated product names, which now reflect that these solutions are a core part of the Imprivata portfolio.

Enhancements to the Nexus

For those who may be unfamiliar with the Nexus, it is an included Imprivata solution that securely brokers connectivity between a VPAM organization and CPAM vendor who already have an established relationship. With the Nexus, neither side has to compromise on how they make or allow connections, and each has the control, visibility, and seamless connectivity they need.

This latest release includes additional advancements to the Nexus, including updates to user authentication, greater information about connectivity status, and additional details captured in the audit. This provides both VPAM and CPAM customers with greater value from this solution, which is unique in the market.

The goal: Efficient access without compromising security

In today’s ever-evolving threat environment, organizations must address the considerable risks associated with external access. CPAM and VPAM mitigate these risks, providing streamlined and secure access that organizations can rely on to help keep them safe and compliant. Make sure your organization takes advantage of the newest capabilities and enhancements available in VPAM and CPAM by upgrading to the latest version.

For customers wanting full details on the latest feature additions and enhancements, check out the release highlights here. Not yet using VPAM or CPAM, but interested in learning more? Request a demo today!

Recent healthcare data breaches prove that risks can come from anywhere. From vendor access risks to insider snooping, the security landscape needs to change.

The threats of ransomware and cybercrime strike fear into the hearts of healthcare organizations across the globe. And with good reason. The Hive ransomware group, alone, targeted over 1,500 victims in over 80 countries before they were infiltrated by the FBI. But data breaches don’t just originate with criminal organizations seeking millions through fraud and extortion.

That means you need to understand – and protect against – the wide range of data breaches that could impact your organization. Here are a few different types of data breaches, and what could have been done to prevent them.

Third-party data breaches

It’s nearly impossible to do business today without engaging at least one third-party service provider. And giving access to any third-party vendor creates a point of vulnerability that must be secured.

But what happens when a third-party vendor is hit with a cyberattack? Broward Health, a healthcare system in Florida, recently found out that it can have huge downstream effects.

Broward Health experienced a data breach when a bad actor gained unauthorized access to their network through a third-party medical provider. The personally identifiable information (PII) exposed included names, dates of birth, financial information, phone numbers, email addresses, Social Security numbers, insurance information, driver’s license numbers, and medical records – including medical histories, diagnoses, and treatments.

The healthcare system investigated and does not believe the data was misused. However, they did implement an enterprise-wide password reset and enhanced security measures that included multifactor authentication for all users. They also offered free identity theft services to the 1,357,879 individuals impacted.

This data breach underscores the need for a robust vendor privileged access management (VPAM) solution. Without one, organizations keep themselves open to the risks of not locking down third-party privileged access. It’s no longer safe to provide your vendors with broad, privileged access based on trust. Instead, you need to level up your own security strategy to protect your organization’s weakest attack vector.

Insider snooping

Having a VPAM solution is crucial, but it’s only part of the picture. With data breaches, sometimes the call is coming from inside the house. That’s why the ability to detect insider threats is so important. Whether due to negligence or malicious intent, insider snooping can cause a lot of damage.

One recent example: on January 19, 2023, the DCH Health System in Tuscaloosa, Alabama announced an employee-related privacy breach.

During a regular privacy audit, DCH Health discovered a hospital employee had accessed electronic patient records without authorization. Further investigation showed that this wasn’t the first time. Between September 2021 and December 9, 2022, the employee accessed and viewed approximately 2,530 patient records.

While a data breach recovery expert found no misuse of the information, and DCH Health provided free identity theft protection services to the affected patients, the employee still had inappropriate access to sensitive data – and was caught too late.

So, what could’ve been done here? If the employee was someone with authorized access to patient data – like a nurse – who was misusing those rights, a patient privacy monitoring solution would address the problem. If the employee wasn’t on the medical team, then better access governance paired with patient privacy monitoring would’ve prevented – or stopped – the inappropriate access.

Either way, when sensitive patient data is at stake, protecting it is paramount.

Blocking breaches before they happen, no matter where they start

The varied starting points of data breaches mean that you need a truly robust security strategy that covers more than just the “traditional” idea of breaches, including vendor access and insider snooping.

Manual monitoring has value but isn’t enough to keep up with the number of accesses to an EHR, or the varied cyberthreats to today’s healthcare organizations. Ideally, monitoring for patient privacy should be automated with systems that use artificial intelligence, machine learning, and behavioral analytics, as well as human know-how.

Likewise, risk analytics should do more than catch or obstruct cybercriminals who target your organization. They must also address security risks from employees and third-party vendors.

Patient privacy solutions ensure HIPAA compliance, but their purpose is even greater. On top of preventing penalties and criminal prosecution, reducing risk with behavioral monitoring and analytics helps build trust. An atmosphere of trust and privacy promotes patient retention, encourages active involvement with treatment plans, and supports patient-centered care.

Read how AI-powered solutions can protect patients, improve compliance, and streamline investigations in this case study.