A regional healthcare system with dozens of hospitals and surgical/imaging centers throughout the Midwest engaged CBI to start at the ground floor and build a comprehensive data protection program. The healthcare organization needed a defensible position that would not only help protect patients’ protected health information (PHI), but would also include data governance, classification, discovery, visibility, and data loss prevention. Basically, the organization needed to answer the important questions:
CBI started with an assessment based on the requirements of different stakeholders across the organization—from clinical and research to education and corporate. CBI determined that the healthcare organization needed to prove immediate time-to-value through robust DLP, as well as: lower its risk of exposing PHI and personal identifying information (PII); identify, monitor and detect data-in-motion; identify and classify sensitive data; allow critical business functions while providing DLP services, and more. In addition to the DLP assessment, CBI requisitioned key vendors to present their solutions and conduct demonstrations in a cohesive, “apples-to-apples” way. Based on strategic recommendations from CBI, the healthcare organization selected a vendor package that included the latest in anti-phishing solutions, data access governance, Forcepoint data loss prevention and Boldon James data classification and tagging.
Not only did CBI save the healthcare organization valuable time, because it didn’t need to investigate the various security solutions, but it will also be integrating the solutions faster than the organization could do on its own. CBI’s involvement in the assessment and sourcing process helped the healthcare organization’s CISO package everything together—from architecture to strategy to vision—so that selling this through to the C-level and the board was faster and easier than expected. CBI helped bridge the gaps between the business units, data protection technologies and the architecture to ensure one aligned vision for moving forward. Plus, the healthcare organization is already experiencing unprecedented visibility into its data and systems. The next step will be proactive blocking and prevention—essential elements to any secure healthcare environment.