$6B Medical Center Taps TriCipher To Protect Patient Health Information

University of Pittsburgh Medical Center Secures Health Care Portal for Customer & Physician Access to Patient Data

LOS GATOS, Calif. (May 30, 2007) – The University of Pittsburgh Medical Center (UPMC) will use TriCipher’s multifactor authentication solution to protect access to personal health information on its online patient healthcare portal and physician network – putting the medical center at the forefront of aggressively protecting patients’ identities.

The $6 billion medical center’s Web site portal will become the central information access point for more than 4 million patients worldwide. In addition, doctors will have secure access to patient health data across the entire medical center, improving patient care and increasing the efficiency of the medical center. From the outset, TriCipher’s Armored Credential System (TACS) will ensure that only authorized users can access patient health information.

UPMC expects to save as much as $2.7 million with TriCipher’s multifactor authentication approach, compared with the costs of managing one-time password tokens (OTP). TriCipher was the only company to provide multiple authentication options necessary to protect patient heath information, make the portal user-friendly for patients and doctors, and lower costs. If security needs to be tightened further, UPMC can easily increase the strength of authentication to meet new regulatory requirements or prevent new attacks by changing security policies.

TriCipher provides the industry’s strongest and most user-friendly two-factor authentication solution. Deployed across dozens of financial services companies and leading healthcare organizations, TACS provides enterprises with flexibility to customize credentials for users based on the level of security required. Its complete authentication system protects users with passwords, browser cookies and certificates, PCs, portable devices such as USB drives and iPods®, tokens, smart cards and biometrics.

“Patients and doctors want easy online access to information they need – and they expect us to keep this information safe,” said John Kramer, UPMC’s associate director of information security. “As if that’s not enough – we also need to ensure a terrific user experience to drive adoption of the portal.”

Easy Access While Avoiding Token Renewals

Everyone connecting to the UPMC portal will automatically validate that they “are who they say they are” – every time they log on – anywhere in the world, via TriCipher’s patented multi-part, public-key infrastructure (PKI)-based credential. The familiar username and password combines with TriCipher’s behind-the-scenes machine or browser verification technology, providing multifactor authentication that seamlessly protects patients’ and doctors’ identities.

More than 43,000 employees at 19 hospitals in western Pennsylvania together serve 4 million patients yearly. UPMC is linked to 500 additional care sites worldwide.

“UPMC has always protected patient health information – relying on ‘username and password’ for access to less-sensitive information, and one-time password tokens for confidential data,” said John De Santis, president and CEO of TriCipher. “These tokens can cost up to $50 per user annually for the cost of the token, provisioning, administration, shipping, and replacement of tokens. With TriCipher, UPMC will provide stronger multifactor authentication at a fraction of the cost, and users won’t have to carry a hardware device.”

UPMC is scheduled to go live with TriCipher’s solution July 1, 2007.

About TriCipher TriCipher, Inc. provides a unified authentication infrastructure to protect the B2B and B2C online channel against fraud and identity theft. The TriCipher Armored Credential System™ (TACS) is the first authentication system that enables companies to deploy and manage multiple types of credentials from a single infrastructure. Through this flexible “Authentication Ladder,” TriCipher protects customer investment by adjusting authentication strength to defeat new threats and to meet regulatory changes without the need to implement a new infrastructure. Founded in 2000, TriCipher is headquartered in Los Gatos, Calif. The company is funded by RBC Technology Ventures, ArrowPath Venture Capital, Intel Capital, Trident Capital, and Wasatch Venture Fund. For more information, visit TriCipher on the web at www.tricipher.com.