Sentara Healthcare is a not-for-profit integrated healthcare system based in Norfolk, Virginia. With 300+ sites of care and 28,000+ employees across the system, they provide healthcare services to millions of patients. Due to the nature of their business, they need to safeguard protected health information (PHI) and are required to meet compliance requirements such as HIPAA and EPCS.
Despite existing security controls, they were at risk due to consistent phishing attempts by attackers trying to steal user credentials to get access to their network. They knew multi-factor authentication (MFA) would be ideal to mitigate the risk of credential theft. Leadership had previous experience using Duo, but they were concerned that their physician user base might resist implementation if the tool added additional burden to their workflow.