Centralized Security Management, Data Loss Prevention, and Endpoint Protection

Executive Summary

Overview
Presbyterian Healthcare Services (PHS) is a system of nonprofit hospitals, which, along with the for-profit Presbyterian Healthcare Plan, creates an integrated healthcare system. For more than 100 years, PHS has been committed to a single purpose: improving the health of individuals, families, and communities throughout New Mexico. PHS reinvests the entire margin it earns into better healthcare for New Mexico, and it has reinvested more than $350 million into local healthcare since 2006. PHS employs nearly 10,000 doctors, nurses, and staff members in its numerous hospitals and clinics and insures more than 600,000 individuals—about one in three New Mexicans—every year. PHS is New Mexico’s largest employer.
Barriers
Due to the nature of its business, PHS requires faultless continuity of systems and strict adherence to industry standards for healthcare operations. In particular, PHS was subject to information security regulations for electronic records (including the Health Insurance Portability and Accountability Act or HIPAA). Its information technology (IT) environment was broad and diverse, with multiple platforms and both physical and virtual servers. Its legacy security systems did not have the capabilities to identify the need for security patch updates nor could they detect or prevent incidents of improper use of patient
information. As a result, PHS needed to rely upon an honor system among its employees to stay within compliance, and this made it virtually impossible to document compliance for auditors. Finally, the lack of an integrated security solution meant that the IT department conducted reactive, high-touch incident response, requiring up to 10 days to analyze, confirm, and remediate a single incident. IT lacked the automated identification and remote management capabilities to handle an incident in a low-touch way.
The Solution
In July 2009, PHS underwent a 14-month migration to an integrated set of Symantec solutions for incident visibility, response, and management. This included Symantec Data Loss Prevention to monitor and enforce policies for the use of confidential information; the Arellia Application Control Solution on the Symantec Management Platform for secure application usage; Symantec Endpoint Protection to provide comprehensive security for servers, workstations, and laptops; Symantec Security Information Manager to correlate, prioritize, and manage security events; and Symantec Control Compliance Suite to automate compliance reporting and policy management. PHS IT specialists worked alongside Symantec Consulting Services during implementation, enabling rapid knowledge transfer with continuous operations of mission-critical systems.
Benefits
A TOEI® analysis by Alchemy Group found that Symantec solutions delivered significant operational and economic benefits by automating labor-intensive tasks and providing better analysis tools. The Symantec solutions and associated process improvements reduced the time that IT staff and end users spent on key security and compliance activities. The resources gained were redeployed to other IT business-critical areas. Actual and projected savings of more than $800,000 were identified for the period from January 2010 through December 2012.

For more information or to download this document, go to http://www.alchemygroupinc.com/category/research/bva/