VARONIS CASE STUDY Children's Hospital of Wisconsin

Similar documents
VARONIS CASE STUDY. Heemskerk Municipality

VARONIS CASE STUDY. Arnold Worldwide

VARONIS CASE STUDY. HIT Entertainment

VARONIS CASE STUDY. Philip Morris International (PMI)

VARONIS WHITEPAPER Next Generation Enterprise Search

VARONIS CASE STUDY. Greenhill & Co.

VARONIS CASE STUDY. Fresenius Netcare

VARONIS WHITEPAPER. Mastering the Information Explosion

VARONIS CASE STUDY. Matanuska Telephone Association (MTA)

VARONIS CASE STUDY THE HAGADONE CORPORATION

VARONIS CASE STUDY University of Liverpool

Accelerating Audits with Automation: Who s Accessing Your Unstructured Data?

10 Things IT Should be Doing (But Isn t)

HIPAA Compliance and Varonis

VARONIS WHITEPAPER. 11 Things IT Should be Doing (But Isn t)

How Varonis Can Help With Efforts Toward Sarbanes-Oxley Compliance

Managing Unstructured Data: 10 Key Requirements

The Business Case for Data Governance

Contents of This Paper

T E TMcDonough@AInfoSys.com W VARONIS DATA GOVERNANCE SUITE

VARONIS CASE STUDY. Analysys Mason. Analysys Mason

Global Headquarters: 5 Speen Street Framingham, MA USA P F

VARONIS WHITEPAPER. PCI DSS for IT Pros and Other Humans

T E elite@elitetele.com W VARONIS VARONIS DATAPRIVILEGE DATAPRIVILEGE. DataPrivilege

10 Building Blocks for Securing File Data

The Power of Pentaho and Hadoop in Action. Demonstrating MapReduce Performance at Scale

Varonis Systems & The Payment Card Industry Data Security Standard (PCI DSS)

Implementing HIPAA Compliance with ScriptLogic

Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

Protecting Business Information With A SharePoint Data Governance Model. TITUS White Paper

Tagetik 4 Enabled By Microsoft SharePoint

How to Secure Your SharePoint Deployment

Applying Information Lifecycle Management Strategies Enables Healthcare Providers to Accelerate Clinical Workflow

WHITE PAPER. Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

AMDOCS CLARIFYCRM HELPS BTEXACT REALIZE 100% ROI ON MILLION-DOLLAR SOLUTION

APPLICATION COMPLIANCE AUDIT & ENFORCEMENT

CA Service Desk Manager

Vendor Risk Management

The Sumo Logic Solution: Security and Compliance

Emptoris Contract Management Solution for Healthcare Providers

Integrating faxes into today s world of healthcare e-records

HIPAA Privacy & Security White Paper

Varonis: Secure Enterprise Collaboration and File Sharing Date: June 2015 Author: Terri McClure, Senior Analyst; and Leah Matuson, Research Analyst

Protection & Compliance are you capturing what s going on? Alistair Holmes. Senior Systems Consultant

WHITEPAPER. Addressing Them with Secure Network Access Control. Executive Summary... An Evolving Network Environment... 2

Introducing Centricity* PACS Web

ALERT LOGIC FOR HIPAA COMPLIANCE

IBM's Fraud and Abuse, Analytics and Management Solution

System Requirements. BWise 4.1 SP3.5. Document Version: 4135-REQ-D01-EN

White Paper. 7 Questions to Assess Data Security in the Enterprise

Easily scan documents from anywhere in the world.

Citrix GoToAssist Service Desk Security

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

Big Data at Cloud Scale

AlienVault for Regulatory Compliance

Multi Support Next s. Taming your rogue business s for secure knowledge sharing, transaction efficiency, and bulletproof compliance.

LRS Output Management Solutions

Archiving technologies

Admiral Markets. ID Verification solution: Overview. Case Study

ITSM IN TODAY S SERVICE- BASED IT OPERATIONS

LogRhythm and HIPAA Compliance

Contact Center Security: Moving to the True Cloud

ZENworks Asset Management 11. Product Brochure

ARBUTUS. Arbutus Audit Analytics ARBUTUS ANALYZER. ArbutusSoftware.com

Estée Lauder Companies Global Jobs Website Privacy Policy

White paper Reaping Business Value from a Hybrid Cloud Strategy

Case Studies Mobility Management

Build a Streamlined Data Refinery. An enterprise solution for blended data that is governed, analytics-ready, and on-demand

Blackbird Management Suite Blackbird Group, Inc.

WHITEPAPER DEATH TO PST FILES A SYMANTEC HOSTED SERVICES WHITE PAPER. info@messagelabs.com

Preservation and Production of Electronic Records

Tagetik: Performance with Passion

Advanced Service Desk Security

WITHIN THE MARKETING EFFICIENCY CLOUD FROM BRANDMAKER

Thermo Scientific LIFECYCLE Asset & Service Management for Healthcare

Internet File Management & HIPAA A Practical Approach towards Responding to the Privacy Regulation of the Act

How To Evaluate Saas And Cloud Solutions

How To Buy Nitro Security

GoToAssist Remote Support HIPAA compliance guide

The ROI of a New Learning Management System (LMS)

Transcription:

VARONIS CASE STUDY Children's Hospital of Wisconsin

As a security professional, DatAdvantage fills a very important need for me. I have not seen another product that can do what DatAdvantage does. Without it, it might not even be possible to implement these kinds of Windows file share reviews. Chuck Klawans, Information Security Officer for Children s Hospital and Health System 2

THE CUSTOMER LOCATION Milwaukee, WI INDUSTRY Healthcare Children s Hospital and Health System (CHHS) is one of the top ranked pediatric facilities in the United States. It is an award-winning independent health care system that is dedicated exclusively to the health and well-being of children. CHHS comprises fourteen organizations including three pediatric hospitals, a research institute, a network of primary care pediatricians, a philanthropic foundation and wide variety of other medical resources. Together, these people work to improve the lives of children in Wisconsin, the United States and beyond. 3

THE CHALLENGE Children s Hospital and Health System treats hundreds of thousands of children each year in its three hospitals and 70 specialty clinics. Naturally, the medical and hospital professionals who treat these patients need access to electronic patient data to provide the best care possible. CHHS is dedicated to protecting this patient information and ensuring that only those who are authorized can view, update or modify it. Beyond its own high standards of data protection, CHHS must also comply with Health Insurance Portability and Accountability Act (HIPAA) regulations. To meet its own standards and those of HIPAA, CHHS needed visibility into who had access to patient data, who was accessing this data, and who should have access to the data. As Chuck Klawans, Information Security Officer for Children s Hospital and Health System explained, We really needed to understand who was accessing data and what they were doing with it. It wasn t even easy to determine what permissions users and groups had. That s challenging for an organization of any size, and even more so for CHHS which has hundreds of thousands of patients, multiple terabytes of data, and thousands of employees who need access to the data to provide care and do their jobs. While CHHS clinical information systems store patient data in databases, a variety of data is stored on file servers. Though not part of the official medical record, many of these documents contain patient data. Examples include letters referencing diagnosis, treatment, or financial matters, spreadsheets used for tracking and research, and notes (e.g., summaries of patient status, etc.) used to expedite shift changes. Sometimes, other hospitals send digital x-rays or other diagnostic scans. As is the case with many business environments, users store this information where they can get to it quickly to get their work done often in folders on file servers. 4

EVALUATION PARAMETERS In looking for solutions to these challenges, CHHS wanted an auditing solution that could track data access so they could monitor actual data use, conduct forensic investigations and demonstrate HIPAA compliance. We need to be able to understand how users are accessing data, and if access patterns are changing over time; for example if someone has a new job function, said Klawans. They also wanted a solution that could show them the access permissions users had, how users got those permissions, and could keep pace with changes in group membership and file share data. Keeping up with day-to-day changes was key, as was being able to address longer term changes as well. Klawans noted, Five years ago we had two terabytes of data, today we have fifteen to twenty. THE SOLUTION CHHS chose Varonis DatAdvantage for the organization s data access and permissions auditing needs. In looking for commercial solutions, Mr. Klawans realized there was no other way to effectively audit data access on Windows file shares. Some solutions can read Windows audit logs, but the performance impact of turning on logging in the first place renders these solutions impractical. DatAdvantage provides full data access auditing. In the first phase of incorporating DatAdvantage into their IT operations, CHHS is using the product to address their need to protect the privacy and security of patient data and ensure HIPAA compliance. Specifically, they use DatAdvantage to address Section 164.308, Administrative safeguards, portions (a)(4)(ii)(b) Access authorization and (a)(d) Information system activity review. After managing an initial 1 terabyte of data, CHHS will roll the solution out to manage the many terabytes of patient data in their data center. Based on the visibility they are experiencing with this first phase, CHHS already sees other ways to leverage DatAdvantage to simplify IT operations. These include the day-to-day administration of users and groups, as well as help desk support for deleted or misplaced data such as when users inadvertently drag and drop one folder into another. After this, CHHS foresees the opportunity to conduct fullscale entitlement reviews, where data access entitlements can be further aligned with business needs. 5

BUSINESS BENEFITS Detailed audit log of all data access Children s Hospital and Health System s own security standards and HIPAA compliance requirements demand detailed data access auditing. This audit log needs to be available on demand and cannot disrupt file server performance or availability. Varonis DatAdvantage enables CHHS to monitor all data and/ or selected files, folders and individuals as situation and information sensitivity demands. Full visibility of data permissions and how they were inherited CHHS has to know who can access sensitive patient data, and whether that access is based on business need or inheritance. Operating system tools and conventional products cannot provide this visibility. Varonis DatAdvantage provides comprehensive visibility of which users can access any given data set and whether access entitlement was granted explicitly or inherited. Access revocation recommendations The data access needs at CHHS evolve and change over time. Job roles and responsibilities change, projects end, and medical residents and medical students finish their multi-year stays. CHHS also has consultants and contractors that may need permissions assigned forjust a few days, weeks or months. Varonis DatAdvantage monitors and analyzes user-to-data access patterns, and recommends revocations on the basis of that analysis. 6

About Varonis Varonis is the leader in unstructured and semi-structured data governance software. Based on patented technology and a highly accurate analytics engine, Varonis solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times from all devices, all use is monitored, and abuse is flagged. Varonis makes digital collaboration secure, effortless and efficient so that people can create and share content easily with whom they must, and organizations can be confident their content is protected and managed efficiently. Free 30-day assessment: Within hours of installation You can instantly conduct a permissions audit: File and folder access permissions and how those map to specific users and groups. You can even generate reports. Within a day of installation Varonis DatAdvantage will begin to show you which users are accessing the data, and how. Within 3 weeks of installation Varonis DatAdvantage will actually make highly reliable recommendations about how to limit access to files and folders to just those users who need it for their jobs. Worldwide Headquarters 1250 Broadway, 31st Floor, New York, NY 10001 T 877-292-8767 E sales@varonis.com United Kingdom and Ireland Varonis UK Ltd. Warnford Court 29 Throgmorton Street London, UK EC2N 2AT T 020 3402 6044 E sales-uk@varonis.com Western Europe Varonis France SAS 4, rue Villaret de Joyeuse 75017 Paris France T +33 (0)1.82.88.90.96 E sales-france@varonis.com Germany, Austria and Switzerland Varonis Deutschland GmbH Robert Bosch Strasse 7 64293 Darmstadt T + 49-0-6257 9639728 E sales-germany@varonis.com 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information