MiSalud Health Says Adiós to Password Sharing

MiSalud Health’s mission is to enable the LatinX community to participate in and access the benefits of the digital health revolution. While 25% of the country’s population is Hispanic, only 5% of healthcare providers speak Spanish.

The organization’s pioneering founders launched MiSalud Health in 2021 as the first culturally-inclusive virtual medical center for primary care, mental health, and wellness. In a short time, the organization has enrolled tens of thousands of socios (members) and dozens of enterprises throughout the U.S. and Latin America.

Simple, secure solution

Wendy Johansson is MiSalud Health’s co-founder and serves as the company’s Chief Product Officer — and IT Manager. “As a healthcare organization, we’re especially cognizant of the need for password security,” she says. “We’d been using Google Password Manager, but when Chrome had a major security breach, we asked employees to stop saving passwords in Chrome immediately. We needed a more secure yet simple way to handle passwords and program access. That’s when we found Cerby.”

Demonstrate compliance

Compliance mandates within the healthcare industry impact MiSalud Health, and Cerby has become an essential partner in the organization’s compliance framework. “We need to demonstrate our compliance with HIPAA and SOC 2, and with Cerby, we know we’re covered,” says Wendy

Cerby’s capabilities also help enforce MiSalud Health’s own compliance standards. “Cerby provides an access and password management platform that goes beyond traditional password managers,” Wendy explains. “We know that our social presence is secure and that we are following industry best practices when managing security features like two-factor authentication and password rotation.”

Sharing is not caring

Increasingly popular among the organization’s members are the (often live) presentations hosted by clinicians and streamed on Instagram and Facebook.

“Naturally, we want the clinicians to post them in MiSalud Health’s Instagram feed, but that meant sharing our social media passwords with dozens of people,” Wendy explains. “With Cerby, there is no more sharing passwords or 2FA codes. We simply give the right people access to our social accounts within Cerby, and they can log in using their secure corporate credentials.”

Do I have to do 2FA every time?

Previously, when MiSalud Health’s practitioners would log into one of the organization’s social media accounts, the 2FA code would be sent to the account’s owner — not the practitioner. “We got a lot of pushback and fielded many requests,” recalls Wendy. “The account owner would have to share the code with the practitioner to allow them to log in. If the account owner wasn’t immediately available, they couldn’t get in.”

In addition, the organization’s team also battled frequent application lockdowns as users attempted to log in from outside the country. Now, the user no longer has to enter the individual application’s password. They are authenticated through Google and are in. “With Cerby, we can enforce 2FA for all users — even shared accounts,” Wendy adds.

In the way, without being in the fray

For MiSalud Health’s workforce — indeed for workforces in general — “too technical” is a problem. “We naturally look for workarounds to avoid what we see as inconvenient security roadblocks,” Wendy says.

Wendy recalls hearing from one clinician that she wished they had something like Cerby in the hospital where she works because it is both highly secure and very simple.

“That’s key to the broad adoption of technology — keeping it simple. People just want IT and security to get out of the way so they can do their jobs. With Cerby, security is firmly — but transparently — in the way.”

Time back in the day

The organization configures its Google Identity Platform to require frequent password updates, but the protection doesn’t extend to social media platforms. With Cerby, though, MiSalud Health can extend that same high level of security to Twitter, Instagram, YouTube, and Facebook.

As a busy startup executive, Wendy appreciates the significant time Cerby saves her each month managing passwords. “I used to spend several hours each month performing routine password changes or updating access permissions when contract employees rotate out of the company,” she says. “Cerby handles routine password rotations automatically, and now, changing permissions for a past employee is done in a single step.”

Build the brand by protecting the brand

“Cerby helps us build our brand by protecting the brand,” Wendy concludes. We can now share access to our social media so more clinicians can be in front of patients, spreading awareness of our value proposition and allowing more companies and their employees to take better control of their health.

The Challenge

MiSalud’s marketing team manages applications like Facebook, Instagram, and Twitter to communicate and engage with consumers. The complexity of managing authentication of these applications drove MiSalud Health's leadership to find a more secure and less time-consuming solution that solved for:

• Manual and error-prone process for removing and adding access of individuals and health practitioners to social platforms
• Enrollment in two-factor authentication that was not automatically enforced and often attached to a single employee’s phone
• Frequent application lockdowns as users attempted to log in from outside the country
• Enforcement of compliance standards that go beyond traditional password managers

The Solution

• Eliminated social media password sharing
• Protecting all social media accounts with 2FA
• Ensuring industry best practices surrounding data security
• Extending secure access to content creators
• Savings time through streamlined password control
  
  

Download to read the full story