2FA and Concurrent Login Restrictions Ensure Compliance Without Slowing Workflows for Healthcare Organization

Two-factor Authentication and
Concurrent Login Restrictions

Ensure Compliance Without Slowing Workflows for Healthcare Organization

  • Customer

    Meadville Medical Center

  • Industry


  • Geography

    United States

Once we set up UserLock, it was easy to deploy and use. UserLock does what I want it to do and it works. For me, that’s fantastic.

Mark Shorts Lead Support Tech,
Meadville Medical Center

  • Challenge: To maintain HIPAA compliance, Meadville Medical Center had to demonstrate that they could prevent concurrent user sessions and accurately log which users took what actions.

  • Solution: Meadville Medical Center chose UserLock to strengthen user identity verification and augment their existing MFA solution (Okta), eliminate concurrent device logins, and meet HIPAA compliance requirements with multi-factor authentication.

  • Result: UserLock’s 2FA capabilities empowered Meadville Medical Center to verify user identity on- and off-site, offering better access control for its 2500 employees.

Securing sensitive medical data is a top priority for organizations like Meadville Medical Center, a Pennsylvania-based healthcare system. HIPAA regulations require healthcare organizations to keep careful track of who can access medical information, but maintaining detailed access logs and session data can be challenging without the right tools. Meadville Medical Center (MMC) needed a new way to verify user identities and track usage more effectively for its 2500 users, so the healthcare organization turned to UserLock.

The Challenge Concurrent User Sessions Caused Compliance Concerns

Healthcare providers at medical centers like MMC treat hundreds of patients every day, so it’s no surprise that they’re incredibly efficient. As doctors and nurses meet with patients, they often use multiple workstations to take notes, order tests, and write prescriptions. But logging into those workstations with every new patient often seems frustrating and time-consuming for providers.

In the spirit of efficiency, many healthcare professionals log into multiple computers with a single set of credentials. While this may seem practical to doctors and nurses, these concurrent user sessions pose a major security risk and violate HIPAA regulations. When a single user logs in on multiple computers, it becomes impossible to track who accessed which patient’s data, putting all the organization’s data at risk of unauthorized exposure.

MMC’s previous access management solution, Okta, didn’t offer the support they needed to prevent concurrent sessions. That inspired the MMC team to download UserLock’s free trial.

The Solution An Easy-To-Use 2FA Solution That Supports Rapid Workflows While Mitigating Risk

While the MMC team quickly discovered UserLock could help control unauthorized concurrent sessions, they quickly realized that UserLock was capable of much more than they expected. The healthcare organization also wanted a multi-factor authentication solution that could help them further strengthen their access security without interrupting their employees’ workflows.

The team wanted to leverage multi-factor authentication, but asking for identity verification too frequently would get in the way of doctors’ and nurses’ rapid workflows. UserLock's two-factor authentication solution works for MMC because it allows admins to decide how frequently to prompt for MFA. By verifying a user’s identity only when needed with an easy MFA method and allowing them to log in regularly throughout the day, MMC can secure their Active Directory user access and maintain accurate usage logs without slowing down critical workflows.

I can’t trust that someone is a legitimate user or administrator just because they were on a computer on-site. Now I can verify who’s using our computers with UserLock.

Mark Shorts
Lead Support Tech, Meadville Medical Center

However, since MMC employees occasionally use their devices outside the hospital, the team needed robust authentication controls for off-site users as well. With UserLock Anywhere, MMC can protect remote endpoints by triggering 2FA on every user connection outside the network domain or on an offline device, even if the user isn’t using a VPN or isn’t connected to internet at all. The MMC team also found it helpful to integrate geolocation restrictions to trigger 2FA automatically for login attempts made outside the United States. Since all MMC employees day-to-day work stays state-side, any connection outside the country would be immediately suspect.

UserLock is hugely beneficial when someone loses their laptop. If an employee loses their device and someone tries to log in with their credentials, they can’t gain access because of the MFA prompt.

Mark Shorts
Lead Support Tech, Meadville Medical Center

With more powerful authentication capabilities, MMC can prevent unauthorized access to their on-premise Active Directory and protect their data, even if a device is lost or stolen. Plus, insight into user sessions and usage logs can help the MMC team demonstrate HIPAA compliance and detect security threats faster, too.

The Result Stronger 2FA Access Control Both On- and Off-Site for 2500 Employees

After a straightforward setup and easy deployment, MMC started using UserLock to verify 2000 user identities linked to Active Directory. Two months later, the healthcare company expanded to cover 500 more identities.

UserLock’s straightforward setup was great. When we needed help setting up the proxy for off-site MFA, the tech support we received was fantastic.

Mark Shorts
Lead Support Tech, Meadville Medical Center

After implementing the solution, Shorts appreciates how UserLock makes it easy to prevent concurrent sessions, authenticate users, and manage usage across the organization. UserLock gives the MMC team quick insight into who is using which device no matter where they log in, ensuring that patients’ sensitive medical data is protected against unauthorized access.

Not only does UserLock strengthen MMC’s overall cyber security posture, but it also mitigates compliance risk. Demonstrating that they can restrict concurrent sessions and define usage more precisely allows MMC to prove that only authorized users can access sensitive data, demonstrating compliance with HIPAA regulations and limiting the risk of a breach.

UserLock is a clear choice for a hospital like MMC because it reliably secures the user logon without compromising user experience or efficiency. For MMC, UserLock was just what the doctor ordered.


Get your 30-day free trial now and secure your Windows network with UserLock

Download Free Trial Discover UserLock

More Case studies?

Read more reviews from our UserLock customers.