Imprivata has released the latest versions of its customer and vendor privileged access management solutions. This release includes significant back-end updates, front-end enhancements, and improvements to the Nexus, providing even greater security, control, and visibility. 

For the last two decades, Imprivata Customer Privileged Access Management (formerly SecureLink Customer Connect) and Imprivata Vendor Privileged Access Management (formerly SecureLink Enterprise Access) have provided customers with the simple, smooth, and secure connectivity they need. The latest release continues that story, with back-end updates to enhance connectivity, additional administrator capabilities, and Nexus updates to facilitate even more seamless connectivity between organizations and vendors.

Back-end updates

Back-end updates may not be the flashiest technological advancements to talk about, but they ensure our customers continue to experience the seamless connectivity and security they have come to expect from Imprivata, as well as new capabilities and refinements. The 24.1 releases of Imprivata Vendor Privileged Access Management (VPAM) and Imprivata Customer Privileged Access Management (CPAM) include enhancements to the back-end architecture that streamline how vendors make connections. These changes improve how quickly vendors can connect to provide support to their customers.

Front-end updates

The latest solution updates offer even greater control and visibility over access. Administrators can more easily and precisely extract and analyze the information they need from the admin log by filtering and exporting data. This information helps them answer questions from internal stakeholders, and provides detailed information to auditors.

Organizations using VPAM gain additional information about vendor access by configuring required, customizable fields that vendor users must complete before they’re granted access to specific applications. This customizable step not only provides admins with additional context about access and users, but also supplies data valuable to highly regulated organizations that need to supply this kind of user information to auditors.

Finally, the user interface (UI) now reflects updated product names, which now reflect that these solutions are a core part of the Imprivata portfolio.

Enhancements to the Nexus

For those who may be unfamiliar with the Nexus, it is an included Imprivata solution that securely brokers connectivity between a VPAM organization and CPAM vendor who already have an established relationship. With the Nexus, neither side has to compromise on how they make or allow connections, and each has the control, visibility, and seamless connectivity they need.

This latest release includes additional advancements to the Nexus, including updates to user authentication, greater information about connectivity status, and additional details captured in the audit. This provides both VPAM and CPAM customers with greater value from this solution, which is unique in the market.

The goal: Efficient access without compromising security

In today’s ever-evolving threat environment, organizations must address the considerable risks associated with external access. CPAM and VPAM mitigate these risks, providing streamlined and secure access that organizations can rely on to help keep them safe and compliant. Make sure your organization takes advantage of the newest capabilities and enhancements available in VPAM and CPAM by upgrading to the latest version.

For customers wanting full details on the latest feature additions and enhancements, check out the release highlights here. Not yet using VPAM or CPAM, but interested in learning more? Request a demo today!

Safeguarding patient data is critical for healthcare organizations. Strong cybersecurity protects patients and avoids regulatory noncompliance. One essential solution to mitigating cyber risk is third-party access control. 

In today's digital age, the healthcare industry faces numerous challenges in safeguarding protected health information (PHI). With reliance on third-party vendors and the near-constant threat of cyberattacks, it is imperative that organizations prioritize secure vendor access. Failure to do so can not only result in a cyberattack and grind operations to a halt, but also in noncompliance with HIPAA and can bring regulatory fines.

The consequences of noncompliance

It’s no secret that noncompliance with privacy regulations has financial and reputational consequences. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has been actively enforcing compliance with the Health Insurance Portability and Accountability Act (HIPAA) for years. But now we’re seeing more enforcement related to cybersecurity best practices, especially in the event of a ransomware attack.

We recently saw this when the OCR settled a $40,000 fine after a ransomware attack at Green Ridge Behavioral Health affected the PHI of more than 14,000 individuals. According to the OCR's investigation, there was evidence of HIPAA Privacy and Security Rule violations leading up to, and at the time of the breach. This included failure to:

• Conduct regular and thorough reviews of potential risks and vulnerabilities to PHI
• Implement security measures to reduce risks to a reasonable level
• Sufficiently monitor system activity to guard against cyberattack

The settlement highlights how compliance must include proactively addressing security risks. Third-party access is a critical component to consider, as healthcare vendors often have over-privileged and broad access that greatly increases the organization’s vulnerability to data breaches, loss of PHI, and regulatory noncompliance.

What organizations can do to prevent noncompliance

According to the OCR, the primary cyberthreats in the healthcare sector are hacking and ransomware. The OCR observed a 256% increase in reports of large breaches involving hacking in the last five years, along with a 264% increase in ransomware reports. In 2023, the large breaches reported to the OCR affected more than 134 individuals — an increase of 141% from 2022 – and 79% of those breaches were hacking incidents.

The OCR recommends the following cybersecurity best practices for any organization covered by HIPAA:

• Provide regular training specific to employee workflows, reinforcing everyone’s role in data security and privacy
• Employ multifactor authentication to ensure that only authorized users can access PHI
• Make sure that all business associate agreements appropriately address obligations relating to security incidents
• Regularly conduct risk analysis and management processes, particularly when planning for new technology or operations
• Implement audit controls to record and analyze system activity, and regularly review this information
• Encrypt PHI to protect against unauthorized access
• Use prior security incidents to determine how security processes should be improved

With the importance of securing third-party access, it’s clear that a vendor privileged access management solution is essential to meet many of the above OCR recommendations.

How vendor privileged access management helps with HIPAA compliance

A vendor privileged access management solution provides third-party identity management to prevent unauthorized vendor access. It also provides granular controls to ensure that vendors can only access what they need, and nothing more. If they don't need access to PHI, they don't have it. If they do need access, granular controls and policies ensure that it is as least-privileged as possible.

Meanwhile, robust audit capabilities allow organizations to monitor and review system activity. Video recordings enable organizations to record, examine and regularly review information system activity of their vendors. This allows organizations to address potential issues before they escalate. Along with granular controls, regular audits demonstrate a commitment to HIPAA compliance. In addition, audits help organizations understand how to update access control policies to align with continually evolving regulations.

Control third-party access to ensure regulatory compliance

Healthcare organizations face increasing regulatory scrutiny and cybersecurity threats. Consequently, a strong vendor privileged access management solution is crucial in mitigating vendor access risks and avoiding noncompliance and hefty regulatory fines, while also protecting patient data.

These proactive measures safeguard sensitive information and enhance the overall trust and confidence patients place in their healthcare providers.

Learn about how Imprivata Vendor Privileged Access Management (formerly SecureLink Enterprise Access) can help.