Case Study
Securing Data: from choice to DLP
Global private healthcare company
Data Loss Prevention (DLP)
Overview
A global healthcare provider decided to proactively improve their data management beyond the sector’s legislated benchmarks.
Performanta ran an in-depth data audit, using this information to collaborate with the client and create a data management roadmap.
Our client chose a specific DLP strategy with a product that includes data fingerprinting to manage all data types.
Performanta deployed and matured the DLP solution based on the roadmap and strategy, including security monitoring and response features.
Our client now has complete global control over business, healthcare, and customer data at rest, in use, and in motion.
Their proactive approach saved them the considerable costs of a breach and let them establish data management fitted to their requirements and exceeding healthcare data standards.
Executive Summary
Healthcare providers have to adhere to stricter data requirements than most other sectors. They are custodians of extensive Personal Identifiable Information (PII) and Personal Healthcare Information (PHI), both very attractive to cybercriminals. Additionally, healthcare operations are incredibly reliant on data, and any disruption to that data directly damages performance, compliance and reputation. To top this all, global healthcare providers move data across large regions and through many stakeholders, creating ample opportunities for cybercrime to strike.
Performanta’s global private healthcare leader client could see the writing on the wall. Rather than wait for a breach to prompt action, they proactively tackled their data risks and developed a data environment that exceeds healthcare standards and requirements. To achieve this, our client recruited Performanta to help develop their best course of action. After we developed strategic choices informed by an extensive data audit, they chose a specific data-loss prevention (DLP) strategy, designed and implemented with Performanta’s collaboration. We assured rapid and comprehensive protection by customising the DLP’s existing PII and PHI policies, and integrating the DLP into the client’s incident response planning.
This case study is all good news. The client wasn’t recovering from a breach or reacting to problems. They understood prevention is much better (and cheaper) than cleaning up a breach’s mess. Performanta helped them build a global data management solution that tracks data at rest, in use, and in motion, using the DLP platform’s unique data fingerprinting features to identify and track structured and unstructured data. When the DLP went live, they achieved compliance and security that exceeds healthcare requirements and aligned a cyber-safe data environment to their business needs.
The Challenge
Our client, a global private healthcare company, did not wait until the worst happened. It saw the value of investing in thorough data security, especially given the health sector’s onerous data regulations. Besides privacy considerations, healthcare’s sensitive, even compromising, personal information is very attractive to cybercriminals. The client is the custodian of many patients’ personal health information, including high-profile individuals, who trust them with keeping that information safe.
They aimed to exceed their sector’s strict privacy regulations and justify that trust. The client also appreciated the enormity of their task, seeking the best answers to their specific security requirements. Many organisations only become significantly security-focused after a breach. By being proactive, our client could study their options, select the best strategy and services, and operationally absorb such an investment.
The Solution
The private healthcare provider recruited Performanta to help them understand their data landscape and articulate their choices. A thorough data risk and maturity survey created a roadmap of the company’s data assets and associated processes. Collaborating with our client, we used this blueprint to identify vulnerabilities and plan their security strategy: a Data Loss Prevention (DLP) solution to oversee their data in storage, use, or motion. This DLP, implemented by Performanta, features sophisticated detection technologies (including fingerprinting of structured and unstructured data) and robust policies specifically designed to protect personally identifiable information (PII) and protected health information (PHI).
DLP solutions don’t work out of the box. They must align effectively with the environment they protect. Performanta has extensive experience deploying DLP solutions and rehabilitating DLPs deployed by other providers. We customised the DLP’s policies to align with our client’s specific data handling processes, ensuring they address the healthcare industry’s unique data demands. We also integrated it with the company’s incident response plan, and established ongoing monitoring, regular updates, and policy refinements, preparing for regulatory changes or breach attempts.
The Results
By proactively committing to a comprehensive data protection strategy, our client realised many benefits. The thorough data risk and maturity survey and deploying a comprehensive DLP solution significantly enhanced their data security posture. They now monitor data in all its states and exceed healthcare privacy regulations. The roadmap derived from the data assessment helps identify vulnerabilities and weak points in their data-handling processes, enabling them to implement security measures proactively.
The DLP solution adds sophisticated detection technologies and robust policies to significantly reduce the risk of data breaches. Its unique data fingerprinting enhances traceability, making tracking and securing data easier—even in the event of a breach attempt. The collaboration with Performanta delivered a comprehensive and continually enhanced data environment with clear visibility, management, compliance, and security. Our healthcare client now owns a secure, compliant, and trustworthy environment that upholds patient privacy.
Talk to our experts
About Performanta
Performanta was founded in 2010 and has over 150 staff worldwide, including former CIOs/CISOs from large enterprises. It has a global footprint with a team of 80 analysts working in two SOCs, helping to secure customers across 50 countries, from offices in the United Kingdom, Australia, Germany, South Africa and the USA. Performanta offers a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk. With a holistic cybersecurity view, we understand the modus operandi of the perpetrator and accordingly build an intelligent defence mechanism to make customer environments less susceptible to attacks.