Special Guest Interview: Farokh Herfat, Head of Channel Partnerships at Twingate

In the latest episode of the Sit and Stay Podcast, we’re joined by Farokh Herfat, Head of Channel Partnerships at Twingate, to talk about a topic that every mental health provider needs to understand: cybersecurity and patient data protection.

Farokh walks us through the risks that providers face every day, especially in small or solo practices, and how Twingate’s Zero Trust network approach can help safeguard sensitive patient information without slowing you down.

The Problem: Flexibility Has a Dark Side

Modern clinicians are no longer tethered to a single office. They're logging in from coffee shops, telehealth setups, home offices, and multiple devices. This flexibility makes care more accessible, but it also opens doors to security risks.

According to Farokh, these risks often start with something as simple as using public Wi-Fi or reusing passwords across accounts. He shared a relatable story about using a coffee shop network and immediately regretting it. And he’s not alone. Many providers underestimate the threats that come with convenience.

The Rise of Ransomware-as-a-Service

It’s not just tech-savvy hackers anymore. Thanks to platforms on the dark web, anyone can now pay to launch coordinated attacks on thousands of small businesses, including mental health practices.

And unfortunately, small and midsize practices are often easier targets because they don’t have dedicated IT staff or robust infrastructure. Hackers are simply looking for the unlocked door.

Why Traditional VPNs Fall Short

Before RipsyTech adopted Twingate, our customers accessed their EHR through a standard VPN (Virtual Private Network). While better than nothing, VPNs give broad access to systems once a user is inside, and they often slow down performance or require cumbersome multi-step logins.

That’s where Zero Trust architecture comes in. Twingate was built from the ground up to solve this problem by verifying who you are, what device you’re using, and what data you’re trying to access every single time.

Security That’s Simple by Design

One of the most impressive aspects of Twingate is that it doesn’t just secure access—it does so with minimal disruption to the user experience. As Farokh explains, Twingate’s founders were intentional about creating a product people would actually want to use.

At RipsyTech, we’ve found that even the least tech-savvy users adapt quickly to Twingate. It’s one small download, and from there, login is fast, smooth, and secure. You might be asked to authenticate again occasionally, but that’s part of protecting you from edge cases like stolen laptops or malware-infected devices.

A Message for Mental Health Providers

Cybersecurity might not be your specialty but protecting your patients is. And in today’s digital world, that includes securing their records, notes, and personal health information.

Farokh emphasizes that compliance with HIPAA is the minimum. Real trust and real protection go beyond that, especially with the increasing use of AI tools, session recordings, and online scheduling platforms in mental health care.

Final Thoughts

Even one misstep, like logging in from an untrusted device or using a recycled password, can lead to devastating consequences for your practice and your patients. And while it’s tempting to think “I’m too small to be a target,” that’s exactly what attackers are counting on.

At RipsyTech, we chose Twingate because we wanted a system that puts security first without adding friction. It’s why every provider using our EHR accesses it through Twingate, and why we recommend this episode to every clinician we work with.

To learn more about Twingate, visit twingate.com.

Want to learn more?

Listen to our full conversation with Farokh here: https://youtu.be/10PFL2nnipY

Want to experience Twingate as part of your EHR?

Book a demo with RipsyTech today and see how we’ll make securing your patient data simple.