Repeatedly ranked as one of the nation’s top integrated healthcare systems, this not-for-profit is a leader in heart and kidney care, stroke care, and infection prevention. They are dedicated to improving and increasing medical options, and participating in national and international research to advance their mission of improving health every day.


first-ever top ranking by RiskRecon


of audit issues addressed

The problem

The healthcare company was in the initial stages of a company-wide digital transformation. Their goals were to lead the healthcare industry in securing data and to increase delivery efficiency.

Healthcare data protection requirements are vital, and extensive. Improving their security capabilities would boost their rankings in a range of national healthcare industry surveys, elevating the brand’s overall image and establishing their leadership position.

Several surveys evaluate security capabilities, but the company chose to focus on the esteemed RiskRecon report—a leader in The Forrester New WaveTM. Solving for the deficiencies highlighted in RiskRecon would also improve their performance in the other rankings.

Facing a fairly wide range of issues, and equipped with a relatively small application and IT security team, the company needed outside help. VIRTIS understood the problem that the company was trying to solve and had the perfect solution - RedShield.

The solution

We reviewed the RiskRecon analysis and initiated an additional trial with our own audit tools. We found that all the issues detected by RiskRecon could be resolved by the RedShield web application shielding Express package, and we developed a plan to deploy the needed shields. RedShield performed all security related tasks in both setup and ongoing operations, so migration was extremely rapid.

Additionally, we proposed the RedShield Express service for applications across the entire perimeter, with our Enterprise service as an additional option on an as-needed basis. All platforms are fully managed by RedShield. Our team performs all operational tasks, including platform management, tuning, reporting, and managing a 24/7 end-user help desk. And, migration was simple: the company only needed to provide the hostnames, SSL certificates, and any vulnerability data. We took care of the rest.

The results

The RedShield team quickly completed the setup, ran compatible tests, and then changed the DNS and locked down the perimeter firewall.

In all areas, results improved dramatically, prompting RiskRecon to move the company to the top of their rankings, and award their first ever “10” ranking. The partnership also delivered other benefits for the company:

  • The brand is now viewed as an industry leader in security and innovation.
  • Applications can be safely wrapped and moved to lower-cost cloud platforms.
  • CI/CD pipelines can keep pace without distracting developers with security issues.
  • Application development lifecycles can be safely extended.

“New teams develop new code and APIs at speed like never before, while regulation and brand dictate that we have zero tolerance for security flaws.”
— Dan Bowden, CISO, Sentara Healthcare

Next article: Fixing Flaws on a Crucial Deadline
All Case studies

See how we can shield your web applications and APIs

Get your free trial or talk to one of our experts.

Free trial
Talk to us