TrueVault, a provider of a HIPAA-compliant cloud storage platform for personally identifiable information, has announced that multi-factor authentication has now been added to the TrueVault Management Console.
The TrueVault platform was developed specifically to store personally identifiable information (PII) and protected health information (PHI) to ease the compliance burden on healthcare organizations that are developing cloud-based applications. Rather than having to build HIPAA Security Rule safeguards into their own applications to ensure PII/PHI is protected, TrueVault assumes that responsibility, allowing customers to concentrate on developing the core features of their applications.
HIPAA-compliant cloud resources incorporate the necessary safeguards to ensure the confidentiality, integrity, and availability of electronic PII/PHI. Those resources require some form of authentication, such as a username and password, to prevent unauthorized access. Through phishing attacks, social engineering techniques, and human error, passwords may be inadvertently disclosed and could potentially be used by unauthorized individuals to gain access to those cloud resources. Multi-factor authentication makes unauthorized access far more difficult.
Since TrueVault administrative accounts allow access to PII/PHI through the Management Console, it is important to ensure that those accounts are properly secured. With the new multi-factor authentication feature enabled, users’ accounts will require a second means of authentication in addition to a password before access to the Management Console is granted.
This is achieved via a Time-based One-Time Password (TOTP) app on a smartphone, such as Authy or Google Authenticator. When MFA is enabled, users will not be able to log in to their accounts without a TOTP from their phone.
When a login attempt is made, a one-time code is sent to the user’s device which must be entered before access to the Management Console is granted. In the event of a password being compromised, access to the account will not be granted without the TOTP.