Renowned for innovation and out-of-the-box thinking, this North America-based healthcare provider has been in the business for over 50 years.
The company has a rich portfolio of services including the provision of image storage technology solutions for institutions that don’t have the in-house ability to store or distribute medical images. A state-of-the-art picture archiving communication system (PACS) offers clients a full suite of capture, archiving, transmission and display capabilities.
The comprehensive portfolio of services and wide variety of endpoints also present a broad attack surface for cyber criminals. The company’s chief information officer observed, “There are many sophisticated cyber challengers out there and we want to protect ourselves from being on the ‘wall-of-shame’! We cannot take any risks with the integrity of the data we handle; the reputational and financial impact would be unacceptable.”
Alongside its traditional protection measures the company has deployed a sophisticated set of security solutions, including breach detection technologies and predictive artificial intelligence capable of discovering advanced malware. “The final piece of the puzzle was to identify an encryption solution that could work seamlessly with our existing security solutions, while providing the highest level of protection for patient data at rest in databases, applications, and log files: all at an affordable cost,” recalled the CIO.
To be considered a viable contender, any potential encryption solution had to be capable of operating without disrupting the patient management system or PACS-related applications, while simultaneously meeting all HIPAA and protected health information (PHI) regulatory standards.
The team initially explored the possibility of an application vendor-provided encryption solution but at the time the PACS and patient management system providers did not offer it. “We created a prioritized list of alternatives, and when we received approval to make the investment we conducted a trial of Vormetric Transparent Encryption from Thales,” commented the CIO.
To fully evaluate the solution, test databases were created using structured patient information. The Vormetric Data Security Manager (DSM) agent was installed in monitor mode and the permissions required by PACS application users were set up (part of Vormetric Transparent Encryption, the DSM is used to manage policies and implementation). The tests evaluated encryption/decryption speed, the effect of encryption on the applications being protected, and the level of interoperability with the company’s existing security components. Impact on HIPAA and PHI governmental compliance levels were also reviewed.
The trial yielded a very positive outcome. “We were really pleased with the way the Thales solution worked with our PACS application,” reported the CIO. “The DSM is designed so that encryption is almost transparent to the application. We found we could encrypt and decrypt data on the fly without disruption.”
Following successful completion of the trials, a formal decision to deploy the Thales solution was made. The team took a very structured approach to the order in which operational files would be encrypted. “The granularity of encryption made the whole process easy; we could choose a database or a specific group of files to encrypt at each step. This enabled us to immediately secure critical data without having to encrypt everything at once,” said the IT executive.
He added, “This allowed us to avoid the BitLocker/ full-disc-encryption – all or nothing – scenario and definitely reduced the resource overhead. All at a price point that was within our budget.”
The company currently encrypts several terabytes of structured data. The ability of Vormetric Transparent Encryption to scale volumes of data into petabyte levels ensures ongoing investment protection and provides the flexibility to adapt to evolving business requirements.
Ease of use and intuitive administration also are core components of the Thales solution. “I’ve challenged my team to look for technology solutions that do the heavy lifting for us; Vormetric Transparent Encryption provides an easy interface that even a CIO can understand,” said the CIO.
He concluded, “Thales has enabled us to further elevate the levels of security and integrity that we have across all of our clients’ data. The Thales solution takes care of itself: once the data is encrypted and you turn on ‘policy enforcement’, Thales just does its thing.”
Peace oF Mind
With Vormetric Transparent Encryption from Thales in place, the CIO and his team have confidence that their clients’ data and trust are fully protected. The chief information officer summarized the sentiment of his CEO: “Thales is like an insurance policy – we’ll do our very best to ensure that a breach never occurs – but just in case something did happen, we’re glad we have it!”
About Thales eSecurity
Thales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged-user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.Download