Healthcare organizations are prime targets for cyber criminals, who over the last decade have compromised the personal information of approximately 200 million American patients through security breaches.
That equates to more than half the U.S. population, and it’s a figure that grows every day.
It’s easy to understand why hackers are drawn to healthcare. The data and information such health systems collect and save (names, social security numbers, medical history, etc.) is extremely valuable, and the sheer size of these organizations provide hackers ample opportunity to break in.
Because humans are typically the weakest link in an organization’s security chain, phishing — a technique of fraudulently obtaining private information by deceiving an unsuspecting person — remains the most prevalent tool of choice. Phishing attacks can be deployed through all types of methods (link manipulation, filter evasion, etc.), but email is the most common. In fact, nearly 96 percent of phishing attacks were delivered through email in 2018, according to Verizon’s most recent Data Breach investigation Report.
With that understanding, the CIO and CISO of one of the nation’s largest healthcare systems convened a meeting to focus on security tools for efficiency and automation in an Office 365 environment. The organization was experiencing extremely high people and technology costs relating to its security measures.
The health system, with over 200,000 mailboxes and 175,000 endpoints to monitor, turned to WWT to remove internal barriers left over from multiple acquisitions as it standardized email and office productivity.
The customer was using three separate security technology providers to accomplish the task — each with their own unique systems and processes, relationships to manage and pay structure — and had a two-week window to either renew of find a new solution.
Further, the organization was found to be particularly vulnerable to phishing and other malicious cyber threats aimed at administrators and physicians thanks to a long history of security shortcuts over the years.
The customer needed a vendor-neutral testing environment to evaluate multiple security solutions against one another so it could make the best-informed decision regarding the future of its email and endpoint protection platform.
WWT leveraged its state-of-the-art Advanced Technology Center to perform a series of proofs of concept (POCs) for email security. The POCs and additional evaluation helped lead the customer to a single solution from Symantec’s endpoint security suite.
WWT proved the technical consolidation from three OEM relationships to one cloud-based provider would be smooth and effective as well as reduce risk exposure across the ever-evolving email threat spectrum.
Symantec’s single solution encompassed email security, cloud security, email threat isolation and email threat detection and response. In displacing the disparate solutions, the customer was able to save approximately $3 million by shedding subscriptions and licensing fees associated with the multi-vendor approach.
Fewer vendors to manage also enabled the customer to realize a lower cost of administration on its end. And in an industry that is desperate for cybersecurity talent, the customer was able to redirect skilled staff that were tasked with managing each solution to align with key risk management activities and reduce risk in other areas of the business.
Data breaches affect healthcare organizations more than businesses in any other industry, with each breach costing organization’s $408 per record on average, according to research from the Poneman Institute. In many cases, data breaches expose hundreds of thousands of individuals’ data — in February 2019 alone, more than 2.11 million healthcare records were compromised.
WWT’s deep technical capability in the ATC combined with its ability to act as a vendor-neutral advisor helped the healthcare customer better secure the data of its millions of patients, thus protecting it from the painful experience of going through an often highly publicized data breach.