Additive Process for Assuring the Identity of Sending & Receiving Parties During Key Exchange
In The News
Quest Diagnostics Says Up to 12 Million Patients May Have Had Financial, Medical, Personal Information Breached
SAIL and Your Business
- Process that CONFIRMS the identity of both the SENDER and RECIPIENT when exchanging encrypted data
- Eliminates man-in-the-middle and spoofing attacks
- Facilitates incorporation of biometric data into the symmetric encryption process
- Can be adapted to work within existing TLS process or other processes that require additional security assurances
Technology in the News
What is SAIL?
- Better secures email & ecommerce transactions
- Better protects against “man-in-the-middle” attacks
- Eliminates “Phishing”
- Uses standardized (RSA) encryption
- Provides notable benefits vs. (TLS) process:
- SAIL significantly improves on the simplistic (TLS) process by including steps that securely authenticate & identify both parties.
- SAIL combined with a key exchange (such as Secure Channel’s Secure Key Infrastructure) would provide additional security benefits over the existing (TLS + OAuth 2.0) process in-use today.
Addressing the Gaps in Healthcare Security
Secure Authentication and Identity Loop (SAIL).
Healthcare organizations are increasingly targeted by hackers over the value of the data they depend on to operate. The data transmitted among staff, branches, insurance companies, devices, apps and patients is rich with protected health information (PHI) and fetches a greater price than credit card or financial information on the dark web. The healthcare sector suffers more ransomware attacks than any other industry due to the mission-critical need for providers to access PHI to operate facilities and administer treatment. Ransomware can be introduced into healthcare systems through a man in the middle transmission injection or via malicious code attached to an email from an unauthenticated party.
The highly sensitive nature of PHI and the effects that its unauthorized disclosure can have on patients are at the heart of the heavily-regulated sector’s data privacy controls. The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act impose stiff penalties on health organizations following data breaches resulting from improper PHI handling. The fallout from unauthorized PHI disclosure can include impacted patient privacy and livelihood, damaged confidence in the healthcare institution and severe financial toll.
As of 2019, the average healthcare cyberattack recovery cost is $1.4 million. To combat the rising costs, healthcare organizations have implemented technologies meant to transmit PHI securely through digital communication channels. Organizations have deployed HTTPS inspection tools designed to terminate malicious code before it reaches its intended destination, and prevent unauthorizing parties from intercepting communications. Many HTTPS inspection tools, however, were found to actually reduce the security of network traffic, leaving healthcare organizations more susceptible to the threats they sought to abate.
Healthcare organizations need a cybersecurity solution that provides end-to-end protection for its sensitive network connections. The solution must authenticate parties to ensure PHI is sent to and received by the intended recipients. It has to shore up communication channels and eliminate weaknesses man-in-the-middle attackers can exploit to exfiltrate or manipulate data, or introduce malicious code. It also needs to be limber to safeguard communications among medical devices, patient mobile apps, email clients and myriad other deployments.
SAIL solves with:
Authentication: Persons, devices and apps register with Secure Channels’ SCIFCOM token authority. The SAIL process initiates a two-way authentication between all parties seeking to establish secure connections.
Integrity: SAIL’s two-way authentication for key exchange creates an impenetrable communication tunnel that resists manipulation of protected data in transit.
Confidentiality: SAIL’s secure communication tunnel prevents unauthorized parties from intercepting PHI in transit.
Adaptability: SAIL works with existing TLS and other processes requiring additional security assurances.
Reliability: SAIL’s secure communication process ensures data and signals transmitted among apps and devices are free from interruption or manipulation that can affect their performance. It also eliminates channel weaknesses that can be used to inject systems with ransomware prompting significant business downtime.
Compliance: SAIL uses FIPS-compliant RSA to exchange keys for an extremely secure connection. SAIL provides the strong communication tunnel component for cybersecurity solutions transmitting PHI covered under HIPAA, HITECH, Payment Card Industry Data Security Standard (PCI DSS) and other data privacy controls.