Solving the “Sticky Note” Problem
How SecureLink helped Arizona’s North Country HealthCare improve security while scaling up
To provide a vendor privileged access management solution for North Country HealthCare that ensures third-party security as the organization scales up.
SecureLink’s web-based remote access reduced the risk of a third-party breach while streamlining North Country HealthCare’s vendor management.
Just over a year ago, Julian Bowers would lie awake at night worrying about sticky notes. As the systems administrator for North Country HealthCare (NCHC), every new vendor Bowers set up with VPN access would, inevitably, lead to another piece of paper with login credentials sitting out in the open.
“It was always a constant concern — who’s got the credentials to get to your environment?” said Bowers. “Once you’re in via a VPN, if you’ve got the whereabouts, you can go anywhere you want.”
Every systems administrator has to deal with the sticky note problem, but at NCHC, a non-profit serving 12 communities across northern Arizona, it was especially stressful for Bowers and Chief Information Officer Jon Smith. The organization was rapidly expanding to meet community healthcare needs, but Bowers and Smith had limited resources to keep everything secure.
“It’s really hard to grow and retain talent who understand multiple technologies and systems. We’re typically the stepping stone for individuals,” says Smith. “You can’t get out to all these places to fix all these problems. And so you start getting behind. That’s the uniqueness that we deal with.”
Compared to other industries, the healthcare sector suffers four-times more cyber attacks. With medical breaches up 55% in 2020, and the cost of an average breach ranging from $7 million to $15 million, for a non-profit like NCHC, there is zero margin for error.
Smith, who had extensive cybersecurity experience before coming to NCHC, knew that most data breaches start with third-party vendors, and that it was only a matter of time until something like a sticky note would lead to disaster.
A “no-brainer” solution to an old problem
For over a year, both Bowers and Smith knew that they had to figure out a solution to their “sticky note” problem, but neither had the resources or the bandwidth to come up with a solution.
“We were constantly working 70-hour, 80-hour weeks trying to keep on top of things,” said Bowers. “It made it so that rather than looking at a great solution, like SecureLink, we’d be asking, ‘How can we make our VPN access more secure?’”
They were so focused on the problem, that it became almost impossible to consider other solutions. That is, until SecureLink reached out to Smith.
Normally, he gets “about 900” pitches from vendors filling up his inbox. When Smith saw what SecureLink had to offer, however, he was so intrigued that he stopped in a parking lot to do a demo on his phone while on the road.
“I came across SecureLink, and it was just a no-brainer for me,” said Smith.
They had been looking for something that would make their VPN access more secure. But with SecureLink, Smith realized they could remove the VPN vulnerability altogether.
“It provided an easier manner for Julian and others to be able to provide access to our environment,” said Smith. “But it also allowed us to sleep at night, knowing that we’re not just continually adding a whole bunch of VPN doors for individuals to be accessing.”
Replacing sticky notes with Welsh village names
After the initial setup process, SecureLink almost immediately eliminated their “sticky note” problem.
With no more VPN to access, NCHC’s vendors no longer had to write down shared VPN passwords. And with no more passwords, no more sticky notes.
What’s more, because NCHC’s vendors were now logging into SecureLink, instead of directly into NCHC’s systems, Bowers could add in an additional layer of security with more complex passwords.
“It’s great that we’ve got that ability now to not have someone use ‘password’ as their password,” said Bowers. “Now it’s some Welsh village name that’s extremely long and uses all different kinds of characters.”
Doing more with less
With their sticky note woes behind them, both Smith and Bowers are finding new ways in which SecureLink helps them shore up third-party security as they grow, with little additional effort.
“Now we’re trying to catch up and put efficiencies in place. And do it securely, which is really where SecureLink comes into play,” said Smith. “Being able to say, ‘Let’s get all the help, but let’s reduce the risk.’”
For one, SecureLink’s intuitive vendor onboarding process now frees Bowers up to tackle other pressing concerns.
“I don’t think there’s been one vendor who’s contacted me to say, ‘How do I use this?’,” he said. “It’s obviously intuitive for the end user. They just see it, login, they see what they want, they click on it, and they use it. There’s no confusion.”
In fact, now that Bowers can put in account expiration dates and track vendor activity in SecureLink, he knows who is accessing NCHC’s systems, and more importantly, who isn’t.
“Literally, more than half of the accounts I’ve created have expired for months or more. And they have not asked for their credentials to be renewed,” he said. “Which is a nice thing on our end, because then we know instantly that those credentials are not out there to be used.
Solving those “head-smacking” problems
SecureLink is also helping NCHC deal with the inevitable issues that crop up as the non-profit grows. Recently, a vendor plugged an unsecured laptop into NCHC’s network switch to troubleshoot security cameras. Before working with SecureLink, this would have been a major headache for Bowers and Smith.
“Now we’re like, ‘Hey, let’s get them into SecureLink,” said Smith. “It solves those ridiculous problems that just make you smack your head.”
About North Country HealthCare:
North Country HealthCare is a non-profit community healthcare center that serves over 50,000 patients in 12 communities across northern Arizona. Founded as a volunteer-run clinic in Flagstaff in 1991 and established as a non-profit in 1996, NCHC has since expanded to working with over 90 providers and numerous external entities, with 10 currently accessing NCHC’s systems.
Access the Case Study
"I don’t think there’s been one vendor who’s contacted me to say, ‘How do I use this?’ It’s obviously intuitive for the end-user. They just see it, login, they see what they want, they click on it, and they use it. There’s no confusion."
Julian Bowers, Security Administrator, North Country HealthCare